Forum Discussion
hooleylist
Jan 04, 2013
Cirrostratus
There are fairly easy ways to bypass this type of validation though. Make sure to URI decode before checking the URI. You can try something like this:
when HTTP_REQUEST {
    # Decode the original URI.
    set tmpUri [HTTP::uri]
    set uri [URI::decode $tmpUri]

    # Repeat decoding until the decoded version equals the previous value.
    while { $uri ne $tmpUri } {
        set tmpUri $uri
        set uri [URI::decode $tmpUri]
    }
    HTTP::uri $uri

    if {[string tolower $uri] contains "hostinfo.aspx"} {
        # Check the class to determine if the client is not allowed.
        if { not [class match [IP::client_addr] equals allowed_networks] } {
            log local0. "dropped connection"
            reject
        }
    }
}
https://devcentral.f5.com/internal-forums/aft/3090031324
Aaron
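The decode-until-stable check from the post above, as an added Python example (not part of the original post and not F5 code) that can be run off-box to compare a single decode against decoding to a fixed point. The sample URIs are constructed, and the `MAX_PASSES` cap with its fail-closed handling is an assumption that the iRule itself does not have.

```python
from urllib.parse import unquote

PROTECTED = "hostinfo.aspx"  # page name checked by the iRule in the post
MAX_PASSES = 10              # assumption: cap on decode passes (not in the iRule)

def decode_fully(uri, max_passes=MAX_PASSES):
    """Percent-decode until the value stops changing; return (decoded, passes)."""
    current = uri
    for passes in range(max_passes + 1):
        # latin-1 maps every decoded byte to exactly one character
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:
            return current, passes
        current = decoded
    raise ValueError("URI still changing after %d decode passes" % max_passes)

def single_decode_match(uri):
    """Weak check: decode once, then look for the protected page."""
    return PROTECTED in unquote(uri, encoding="latin-1").lower()

def fixed_point_match(uri):
    """Check as in the post: decode to a fixed point, then match.
    A URI that does not settle within the cap counts as a match (fail closed)."""
    try:
        decoded, _ = decode_fully(uri)
    except ValueError:
        return True
    return PROTECTED in decoded.lower()

# Constructed sample URIs (not taken from real traffic).
SAMPLES = [
    "/HostInfo.aspx",          # plain, mixed case
    "/host%69nfo.aspx",        # one layer of encoding
    "/host%2569nfo.aspx",      # two layers: %25 decodes to '%'
    "/host%252569nfo.aspx",    # three layers
    "/index.html?q=100%25",    # unrelated request with an encoded '%'
]

def audit(uris=SAMPLES):
    """Return (uri, single_decode_match, fixed_point_match) for each URI."""
    return [(u, single_decode_match(u), fixed_point_match(u)) for u in uris]

if __name__ == "__main__":
    for uri, weak, strong in audit():
        flag = "MISSED by single decode" if strong and not weak else ""
        print(f"{uri:28} single={weak!s:5} fixed-point={strong!s:5} {flag}")
```
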