Blocking URLs with certain characters

Question

I'm trying to use an iRule to drop any connections to a web server that include the less-than or greater-than characters in the URL. This is what I have so far. "illegal_url_chars" is a data group list containing two strings for the &lt; and &gt; characters.
It's not currently working and nothing is getting logged. This is my first iRule so any help is appreciated.
We're on v11.6.0 and upgrading to 13 soon.
when HTTP_REQUEST {
  if { [class match [HTTP::uri] contains illegal_url_chars] } {
    log local0. "Detected illegal URL characters from [IP::client_addr]"
    log local0. "[HTTP::request]"
    TCP::close
    drop
  }
}

youssef1 · Answer

Can you show us what is your illegal URL Chars?&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;you can try this code:&nbsp;when HTTP_REQUEST {
  if { [string match {*[&lt;&gt;]*} [HTTP::uri]} {
    log local0. "Detected illegal URL characters from [IP::client_addr]"
    log local0. "[HTTP::request]"
    TCP::close
    drop
  }
}If the URI is encoded, you have to convert it before check&nbsp;when HTTP_REQUEST {
    set uri [URI::decode [HTTP::uri]]
  if { [string match {*[&lt;&gt;]*} $uri} {
    log local0. "Detected illegal URL characters from [IP::client_addr]"
    log local0. "[HTTP::request]"
    TCP::close
    drop
  }
}

bobby_hood_3633 · Answer

&nbsp;

youssef1 · Answer

If you have ASM, you can do It easly... Otherwise you can use Stanislas Irule wich responds perfectly to your needs...&nbsp;

Forum Discussion

Blocking URLs with certain characters

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Block traffic

irule block uri for external users when url has special characters such as $

domain blocking

Response and blocking page

Block IP after a number of ASM Blocks