Forum Discussion

TheManu's avatar
TheManu
Icon for Nimbostratus rankNimbostratus
Apr 19, 2010

Rejecting HTTP request

Hello there,

 

 

I'm trying to reject a http request when it's containing a special string, but it doesn't work.

 

 

Please have a look at my rule:

 

 

when HTTP_REQUEST {

 

if {[HTTP::path] starts_with "/MyString"}

 

{

 

reject

 

}

 

}

 

 

Is it correct to use the starts_with reference?

 

Do I have to change the sting "/MyString"? (The string could look like this www.myurl.com/MyStringAndMore/something.html)

 

Is the reject command correct?

 

 

Thank you for your help.

 

2 Replies

  • Problem solved. It works like this:

     

     

    when HTTP_REQUEST {

     

    if {[HTTP::uri] contains "MyString"}

     

    {

     

    reject

     

    }

     

    }
  • Hi Manu,

     

     

    Yes, if the string you're looking for is in the query string you could check HTTP::uri (which is the path and query string) or be more precise and check only the query string using HTTP::query.

     

     

    You might also want to set the query string to lower case and URI decode it before checking for the string to ensure a malicious user can't obfuscate the string in their request (%4d%79%53%74%72%69%6e%67 is "MyString" URI encoded).

     

     

    See the wiki pages for details:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__query

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__uri

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__path

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/uri__decode

     

     

    Aaron