Alert or Block GET requests with data

Question

We have a webpage with a username field, we'd like to prevent malicious actions by ensuring a GET with data cannot be accomplished. I would be happy with an iRule that looked to see if there was data in the GET request and alerted or dropped the connection or changed the GET to a POST.&nbsp;
Can anyone help?&nbsp;

tzoori_tamam_95 · Accepted Answer

I may have misunderstood the question, but if you enable an ASM policy, it is one of the basic check it enforces, under HTTP Protocol Compliance ("Body in GET of HEAD requests") - you need to make sure it is checked in the Policy Blocking Settings configuration page, and that your policy is set to Blocking.

redheadontherun · Answer

Or a rule that strips the data out of the GET request.

vernon_97235 · Answer

To drop:
when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        HTTP::collect 10
    }
}

when HTTP_REQUEST_DATA {
    HTTP::release
    reject
}

vernonwells · Answer

To drop:
when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        HTTP::collect 10
    }
}

when HTTP_REQUEST_DATA {
    HTTP::release
    reject
}

john_alam_45640 · Answer

You may also want to set the HTTP profile to UNCHUNK the requests.  And look for the presence of the Content-Length header.

john_alam_45640 · Answer

You may also want to set the HTTP profile to UNCHUNK the requests.  And look for the presence of the Content-Length header.

Forum Discussion

Alert or Block GET requests with data

7 Replies

Recent Discussions

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Certificate Expiry Email alert configuration

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ASM blocked request contains & (ampersand) symbol in parameter value

Block requests by reverse DNS record

ASM L7 DoS email alert