DX - Load Balancing & Application Acceleration

AppRule Question -- can you restrict use of .. or control characters in URL?

‎08-15-2008 07:38 AM

How do you represent the . or ^ or other special characters in an AppRule? 

 

My goal is to close a connection if the URI contains .. ^C  ^X  etc. 

 

You can create a Request Sentry  rule with .. in it, but that never gets hit.

 

I created a rule later in the ruleset that requires the URIs to start with specific directories. That ends up working, but I'd rather limit the use of .. directly than indirectly. And that doesn't really do anything for the special control characters ^C ^X, etc.


Re: AppRule Question -- can you restrict use of .. or control characters in URL?

‎08-18-2008 06:43 AM

Hi,

 

I tested the following apprule:

 

vauxhall% display file block_chars.app
RS: url contains ".." then reply 404 "goaway.html"

 

What I found when I did a tcpdump/HTTPWatch was that the browser was normalising the request, so I entered /foo/foo/../../ but the browser was sending a 'GET /'. If I use a DOS command prompt and telnet to the cluster IP:port and enter 'GET /foo/foo/../../ HTTP/1.1' I then get the reply from the file goaway.html as expected:

 

 

HTTP/1.0 404 Not Found
Content-type: text/html
Connection: close

<HTML>
      Not allowed to use ".." in the URL.
                                         </HTML>

 

 

 


Connection to host lost.

 

 

I would suggest also having rules to catch Unicode variants:

 

%2E   is   '.'

%5E   is   '^'

 

 

http://www.unicode.org/ has a chart at http://www.unicode.org/charts/PDF/U0000.pdf but I find http://www.asciitable.com/ easier to read.
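
The check discussed in this thread, written out as an added Python example; it is not part of either post and is not AppRule syntax. It decodes the %XX forms before testing for ".." and control bytes, reading ^C and ^X as the bytes 0x03 and 0x18 (an assumption about the question's notation); the function names and the decode limit are hypothetical.

```python
from urllib.parse import unquote_to_bytes

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to unwrap


def decode_fully(target):
    """Percent-decode repeatedly so %252E -> %2E -> '.' is caught as well."""
    current = target.encode("utf-8") if isinstance(target, str) else target
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(current)
        if decoded == current:
            break
        current = decoded
    return current


def uri_violations(target, extra_blocked=b""):
    """Return the reasons to refuse a request target; an empty list means it passed."""
    decoded = decode_fully(target)
    reasons = []
    if b".." in decoded:  # same substring test as the 'url contains ".."' rule
        reasons.append("dot-dot sequence")
    for byte in sorted(set(decoded)):
        if byte < 0x20 or byte == 0x7F:  # ^C is 0x03, ^X is 0x18
            reasons.append(f"control byte 0x{byte:02x}")
        elif byte in extra_blocked:  # e.g. b"^" to refuse a literal caret
            reasons.append(f"blocked character {chr(byte)!r}")
    return reasons


if __name__ == "__main__":
    # Constructed request targets, not taken from the thread's captures.
    samples = ["/index.html", "/foo/foo/../../", "/foo/%2E%2E/etc",
               "/foo/%252e%252e/etc", "/cgi%03bin%18", "/a%5Eb"]
    for sample in samples:
        print(sample, "->", uri_violations(sample, extra_blocked=b"^") or "ok")
```

Testing the decoded bytes rather than the raw string is what lets one check cover the literal, %2E and doubly encoded spellings of the same request.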
