Q&A: Is WAF able to block requests containing certain parameters & values?

Question

Is WAF able to block requests containing certain parameters & values?

 

Environment

  • Silverline WAF
  • iRules

 

Answer

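Yes. This can be achieved by implementing the parameter & value template iRule shown below. It drops any request whose URI query string contains every parameter and value pair listed in a single datatable entry.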

 

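when HTTP_REQUEST priority 305 {
    # Each datatable entry is one rule, e.g. "name1=value1&name2=value2".
    # "datatablename" stands for the parameter & value string datatable.
    foreach qrystr [class names [call ag_info0::datatable_name datatablename]] {
        # Number of pairs from this entry that matched the request
        set counter 0
        # Break the entry into {name value} pairs
        set keypairs [split [split $qrystr "="] "&"]
        foreach keypair $keypairs {
            foreach {name value} $keypair {
                # Compare the URL-decoded value of this parameter in the request's
                # query string with the URL-decoded value from the datatable (exact match)
                if {[URI::decode [URI::query [HTTP::uri] $name]] eq [URI::decode $value]} {
                    incr counter
                    set match 1
                } else {
                    set match 0
                }
            }
            # Stop checking this entry as soon as one pair does not match
            if {!$match} {
                break
            }
        }
        # Block only when every pair in the entry matched
        if {$counter == [llength $keypairs]} {
            # Log the block ("irulename" stands for the name of the iRule), then drop
            set agl [call ag_log0::open -rulename irulename -rulever 1]
            call ag_log0::http_kvp $agl INFO action "blocked" blocked 1
            drop
            event disable all
            return
        }
    }
}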
 
 
If you would like to deploy this iRule, create a ticket with the SOC and provide the following information:
  • Name for your iRule.
  • Name for the parameter & value string datatable.
    • In this datatable you will be able to enter the parameter and value pairs to inspect.
    • Example: pyActivity=Rule-Obj-Property.DBSchema_ListProperties
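
To check which request URIs a planned datatable entry would match before raising the ticket, the following Python sketch models the comparison the iRule performs. It is an added example, not F5 code; it assumes entries contain no spaces or extra "=" characters and that the first occurrence of a repeated parameter is used, and the second datatable entry and all URIs are constructed samples.

```python
from urllib.parse import unquote, urlsplit

# First entry is the example from this article; the second is constructed.
SAMPLE_DATATABLE = [
    "pyActivity=Rule-Obj-Property.DBSchema_ListProperties",
    "action=export&format=raw",
]

def parse_entry(entry):
    """Split a datatable entry such as 'a=1&b=2' into (name, value) pairs."""
    pairs = []
    for item in entry.split("&"):
        name, _, value = item.partition("=")
        pairs.append((name, value))
    return pairs

def query_value(uri, name):
    """Raw value of `name` in the URI query string, or '' when absent.
    Assumption: the first occurrence wins when a name is repeated."""
    for item in urlsplit(uri).query.split("&"):
        key, _, value = item.partition("=")
        if key == name:
            return value
    return ""

def entry_matches(uri, entry):
    """True when every pair in the entry equals the decoded request value."""
    return all(
        unquote(query_value(uri, name)) == unquote(value)
        for name, value in parse_entry(entry)
    )

def is_blocked(uri, datatable):
    """A request is blocked when any single datatable entry fully matches."""
    return any(entry_matches(uri, entry) for entry in datatable)

if __name__ == "__main__":
    # Constructed sample request URIs
    samples = [
        "/app?pyActivity=Rule-Obj-Property.DBSchema_ListProperties",
        "/app?x=1&pyActivity=Rule%2DObj%2DProperty.DBSchema_ListProperties",
        "/app?pyActivity=Other",
        "/report?action=export",
        "/report?format=raw&action=export",
    ]
    for uri in samples:
        print("BLOCK" if is_blocked(uri, SAMPLE_DATATABLE) else "allow", uri)
```

Only the URI query string is modelled, because that is the only part of the request the iRule reads.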
