input validation

Question

Hi all,
I'm wondering that there are no useful search results for input validation of user-input in irules. I want to do a simple task:
when HTTP_REQUEST {
    set cookie [HTTP::cookie id]
}

I do some additional tasks (log, fill tables, ...) with $cookie, but prior to this I want to proper validate the input from HTTP::cookie and I'm not sure how to do that in a right way.
Thanks for your suggestions,
Philipp

arie · Answer

Are you asking how to read (and validate) values from a cookie that is sent by the client?&nbsp;

kevin_stewart · Answer

Here's just one way to do it:
when HTTP_REQUEST {
    if { ( [HTTP::cookie exists MYCOOKIE] ) and ( [HTTP::cookie value MYCOOKIE] matches_regex {\d{6}-[0-9A-F]{8}\d{8}} ) } {
        log local0. "match"
    } else {
        log local0. "not match"
    }
}

The matches_regex {\d{6}-[0-9A-F]{8}\d{8}} function would validate any value that starts with 6 digits, then a hyphen, then 8 hexadecimal values (0-9A-F), and followed by 6 digits.

Forum Discussion

input validation

2 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

ASM ser input type email doesn't allow valid emails

POC: Validate JWT with iRule

Mass input/create "Data group list" ?

Implementing SOA Patterns: Input/Output Validator

Implementing SSL Orchestrator - Validation & Troubleshooting