Bobby_Hood_3633
Jun 27, 2018Nimbostratus
Blocking URLs with certain characters
I'm trying to use an iRule to drop any connections to a web server that include the less-than or greater-than characters in the URL. This is what I have so far. "illegal_url_chars" is a data group list containing two strings for the < and > characters.
It's not currently working and nothing is getting logged. This is my first iRule so any help is appreciated.
We're on v11.6.0 and upgrading to 13 soon.
when HTTP_REQUEST {
if { [class match [HTTP::uri] contains illegal_url_chars] } {
log local0. "Detected illegal URL characters from [IP::client_addr]"
log local0. "[HTTP::request]"
TCP::close
drop
}
}