Forum Discussion

Dick_Piccard_72
May 22, 2009

iRule for screening form submission to script

Our security team believes that a particular application is so sensitive that we should let the submitted data reach the server only if it passes content-based screening. The idea would be to confirm that the fields and values submitted matched those that are valid (the form will not have any free-response -- text or textarea -- fields, only radio buttons, check-boxes, and selects). Valid input would be passed along intact to the intended server for the script to process; we haven't decided yet whether invalid input should result in immediate failure, or in pooling to a different pool, where the server would respond with an error page, on the off-chance that a human was at the other end.

This form is coded for method="POST" -- but knowing how to deal with method="GET" might also be useful, later.

Looking at the CodeShare iRule samples, I noticed "HTTP Payload Collection"; is this a sensible starting point? Is there a better starting point? Are there any particular pitfalls to be alert to as we start down this way?

Thanks in advance for all advice.

1 Reply

  • This kind of thing is precisely what the ASM module is for (Click here).

    That said, yes you could use HTTP::collect, parse the payload for various different conditions (probably using regex), and accept or reject (or send to an error pool) the connections based upon what you find.

    Denny
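
An added sketch of the HTTP::collect approach discussed in this thread; it is not code from either poster or from CodeShare. It uses a strict allow-list instead of regex, since the form has only fixed-choice fields. The path `/cgi-bin/survey` and the field names and values are hypothetical, and it assumes a URL-encoded POST that declares a Content-Length.

```tcl
# Added example. Hypothetical: the path, field names and permitted values.
# iRules run Tcl 8.4 (no dict, no "in" operator), hence array + lsearch.
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" && [HTTP::path] eq "/cgi-bin/survey" } {
        set len [HTTP::header value "Content-Length"]
        # Refuse missing/oversized lengths (including chunked bodies) and other encodings.
        if { ![string is integer -strict $len] || $len < 1 || $len > 2048 ||
             ![string match -nocase "application/x-www-form-urlencoded*" \
                   [HTTP::header value "Content-Type"]] } {
            HTTP::respond 400 content "Bad request"
            return
        }
        HTTP::collect $len
    }
}

when HTTP_REQUEST_DATA {
    # Variables are per connection: clear state left by an earlier keep-alive request.
    unset -nocomplain seen
    array set allowed {
        plan   {basic standard premium}
        region {na emea apac}
        opt    {news alerts}
    }
    set multi    {opt}
    set required {plan region}
    set ok 1
    foreach pair [split [HTTP::payload] "&"] {
        set kv [split $pair "="]
        if { [llength $kv] != 2 } { set ok 0; break }
        # Form encoding uses "+" for space; URI::decode handles the %xx escapes.
        set name  [URI::decode [string map {+ " "} [lindex $kv 0]]]
        set value [URI::decode [string map {+ " "} [lindex $kv 1]]]
        # Unknown field, or a value outside that field's allow-list.
        if { ![info exists allowed($name)] ||
             [lsearch -exact $allowed($name) $value] < 0 } { set ok 0; break }
        # Radio/select fields may appear once; only check-box fields may repeat.
        if { [info exists seen($name)] && [lsearch -exact $multi $name] < 0 } { set ok 0; break }
        set seen($name) 1
    }
    foreach name $required {
        if { ![info exists seen($name)] } { set ok 0 }
    }
    if { !$ok } {
        log local0. "form screen: rejected POST from [IP::client_addr]"
        HTTP::respond 403 content "Invalid submission"
    }
}
```

Valid submissions fall through untouched to the virtual server's default pool. If the error-pool option is chosen instead of the 403, select the pool explicitly on both the valid and invalid paths so a keep-alive connection does not carry the error pool into later requests.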