Don't Allow a URL containing an MS-DOS device name


This topic contains 2 replies, has 2 voices, and was last updated by sverreA 2 months, 4 weeks ago.

    #12432
    sverreA
    Member

    Hi!
    I would like to use our AX1030 and aFleX to make sure that “Microsoft ASP.NET MS-DOS Device Name DoS” requests get a 404.5 response.

    “Microsoft ASP.NET MS-DOS Device Name DoS” requests have one of the following as a sequence in the URL:
    AUX
    CON
    PRN
    NUL
    COM1
    LPT1
    LPT2
    LPT3
    COM2
    COM3
    COM4

    Any suggested way to solve this in a scalable way?

    Thanks!

    #12442
    jserrano
    Member

    Hi,
    Just create a class list containing all patterns:
    !
    class-list msdosdn string
    str AUX
    str CON
    str PRN
    str NUL
    str COM1
    str LPT1

    !

    Then you can match the URL against your class list using aFleX:

    when HTTP_REQUEST {
        # Block the request if any class-list string occurs anywhere in the URI
        if {[CLASS::match [HTTP::uri] contains msdosdn]} {
            HTTP::respond 404 content "Your request was blocked"
        }
    }

    Class list matching is far more efficient than regex matching and allows updating the class list on the go without traffic impact.

    Regards

    #12582
    sverreA
    Member

    Thanks!

    My final script ended up like this:

    when RULE_INIT {
        # Global settings: debug logging switch and the class list to match against
        set ::DEBUG 0
        set ::CLASSLIST "msdosdn"
    }

    when HTTP_REQUEST {
        # Lower-case the URI before matching it against the class list
        set URI [string tolower [HTTP::uri]]
        if { [CLASS::match $URI contains $::CLASSLIST value] != "" } {
            HTTP::respond 404 content "Your request was blocked"

            if { $::DEBUG == 1 } { log "[HTTP::host] found match in URI: $URI" }
        }
    }
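
Added example, not part of the thread and not A10 code: an offline Python check that compares the substring (`contains`) matching used in the rules above with a stricter test on whole path-segment names, so a class list can be checked for over-blocking against your own URLs before deployment. The function names, the segment rule and the sample URIs are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Device names from the list in the first post, lower-cased for comparison.
DEVICE_NAMES = {"aux", "con", "prn", "nul", "com1", "com2", "com3", "com4",
                "lpt1", "lpt2", "lpt3"}

def contains_match(uri):
    """Substring test over the lower-cased URI, like `contains` in the rule."""
    lowered = uri.lower()
    return any(name in lowered for name in DEVICE_NAMES)

def segment_match(uri):
    """True only when a path segment's base name is exactly a device name.

    Assumption of this example: the name is significant as a whole file name,
    with or without an extension ("con", "con.aspx"), not inside a longer word.
    """
    path = unquote(urlsplit(uri).path).lower()  # normalise encoding and case
    for segment in re.split(r"[/\\]", path):
        base = segment.split(".", 1)[0].strip()
        if base in DEVICE_NAMES:
            return True
    return False

def false_positives(uris):
    """URIs the substring rule would block but the segment rule would not."""
    return [u for u in uris if contains_match(u) and not segment_match(u)]

# Constructed sample URIs, not taken from real traffic.
SAMPLES = [
    "/app/CON.aspx?id=1",
    "/reports/lpt1",
    "/contact/form.aspx",
    "/images/icons/logo.png",
    "/docs/auxiliary.pdf",
    "/index.html",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:28} contains={contains_match(uri)!s:5} "
              f"segment={segment_match(uri)}")
    print("over-blocked:", false_positives(SAMPLES))
```

Running it against a list of the site's legitimate URLs shows which pages a plain substring class list would answer with the block response.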
