AppRule Question -- can you restrict use of .. or control characters in URL?
How do you represent the . or ^ or other special characters in an AppRule?
My goal is to close a connection if the URI contains .. ^C ^X etc.
You can create a Request Sentry rule with .. in it, but that never gets hit.
I created a rule later in the ruleset that requires the URI's start with specific directories. That ends up working, but I'd rather limit the use of .. directly than indirectly. And that doesn't really do anything for the special control characters ^C ^X, etc.
What I found when I did a tcpdump/HTTPWatch was that the browser was normalising the request, so I entered /foo/foo/../../ but the browser was sending a 'GET /'. If I use a DOS command prompt and telnet to the cluster IP:port and enter 'GET /foo/foo/../../ HTTP/1.1' I then I get the reply from the file goaway.html as expected:
HTTP/1.0 404 Not Found Content-type: text/html Connection: close
<HTML> Not allowed to use ".." in the URL. </HTML>
Connection to host lost.
I would suggest also having rules to also catch unicode variants: