Question
Is the WAF able to block requests containing certain parameters & values?
Environment
- Silverline WAF
- iRules
Answer
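Yes. This can be achieved by implementing the parameter & value template iRule:

when HTTP_REQUEST priority 305 {
    # datatablename and irulename are placeholders for the names supplied in the ticket.
    # Each datatable entry is a string of one or more name=value pairs joined by "&".
    foreach qrystr [class names [call ag_info0::datatable_name datatablename]] {
        set counter 0
        # Turn "a=1&b=2" into a list of {name value} pairs.
        set keypairs [split [split $qrystr "="] "&"]
        foreach keypair $keypairs {
            foreach {name value} $keypair {
                # Compare the decoded query parameter of the request with the decoded datatable value.
                if {[URI::decode [URI::query [HTTP::uri] $name]] eq [URI::decode $value]} {
                    incr counter
                    set match 1
                } else {
                    set match 0
                }
            }
            # Stop checking this entry at the first pair that does not match.
            if {!$match} {
                break
            }
        }
        # Every pair of the entry matched: log the block and drop the request.
        if {$counter == [llength $keypairs]} {
            set agl [call ag_log0::open -rulename irulename -rulever 1]
            call ag_log0::http_kvp $agl INFO action "blocked" blocked 1
            drop
            event disable all
            return
        }
    }
}
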
If you would like to deploy this iRule, create a ticket with the SOC and provide the following information:
- Name for your iRule.
- Name for the parameter & value string datatable.
  - In this datatable you will be able to input parameter and value pairs for inspection.
  - Example: pyActivity=Rule-Obj-Property.DBSchema_ListProperties
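
The query-string comparison performed by the template above, modeled in Python so that datatable entries can be checked against sample URIs before they are submitted. This is an added example, not Silverline code: it assumes URI::query returns the raw value of the first parameter with the given name (empty when absent), and the second datatable entry and all sample URIs are constructed.

```python
from urllib.parse import unquote, urlsplit

# Constructed datatable: the first entry is the example from this article,
# the second is a made-up two-pair entry.
DATATABLE = [
    "pyActivity=Rule-Obj-Property.DBSchema_ListProperties",
    "action=export&format=xml",
]

def query_value(uri, name):
    """Model of URI::query <uri> <name> (assumption: first occurrence wins,
    empty string when the parameter is absent)."""
    for field in urlsplit(uri).query.split("&"):
        key, _, value = field.partition("=")
        if key == name:
            return value
    return ""

def entry_matches(uri, entry):
    """True when every name=value pair of one datatable entry equals the
    request parameter after percent-decoding both sides (exact, case-sensitive)."""
    pairs = [p.partition("=")[::2] for p in entry.split("&")]
    return all(unquote(query_value(uri, n)) == unquote(v) for n, v in pairs)

def blocked_by(uri, datatable=DATATABLE):
    """Return the first datatable entry that would trigger the drop, else None."""
    for entry in datatable:
        if entry_matches(uri, entry):
            return entry
    return None

# Constructed sample request URIs.
SAMPLES = [
    "/prweb/app?pyActivity=Rule-Obj-Property.DBSchema_ListProperties",
    "/prweb/app?pyActivity=Rule%2DObj%2DProperty.DBSchema_ListProperties",
    "/report?format=xml&page=2&action=export",   # order and extra params do not matter
    "/report?action=export&format=json",         # only one of two pairs matches
    "/prweb/app?pyActivity=rule-obj-property.dbschema_listproperties",  # value case differs
]

if __name__ == "__main__":
    for uri in SAMPLES:
        hit = blocked_by(uri)
        print(f"{'BLOCK' if hit else 'pass ':5}  {uri}  <- {hit}")
```

An entry with several pairs blocks only when all of its pairs match, and the value comparison is exact and case-sensitive, so each variant that should be blocked needs its own datatable entry.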
Related Content
- How to Create iRules with iRule Editor in Silverline Portal
- How To Configure iRules Proxy Option
- Q&A: What iRules are Supported by Silverline?