• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HTTP filter to restrict POST DATA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> HTTP filter to restrict POST DATA Page: [1]
Login
Message << Older Topic   Newer Topic >>
HTTP filter to restrict POST DATA - 2.Jul.2008 11:28:36 AM   
sidath

 

Posts: 7
Joined: 2.Jul.2008
Status: offline
Hi,

I need to restrict people submitting '<script>' tags through form fields to website database. Any ideas please, thanks.

Regards,
Sidath.
Post #: 1
RE: HTTP filter to restrict POST DATA - 2.Jul.2008 1:52:47 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Are you trying to sanitize HTML inputs?  If so, if you want to prevent script you'll need to do more than that tag.  Things like <body onload="....."> can get script actions started too.

Are you wanting to block requests with these signatures or strip them out or "de-fang" them?

(in reply to sidath)
Post #: 2
RE: HTTP filter to restrict POST DATA - 2.Jul.2008 1:59:14 PM   
sidath

 

Posts: 7
Joined: 2.Jul.2008
Status: offline
Hi,

Thanks a lot for your reply ferrix.

I need to block that sort of requests with those signatures. Any ideas ... ?

Regards,
Sidath.

(in reply to ferrix)
Post #: 3
RE: HTTP filter to restrict POST DATA - 2.Jul.2008 2:05:07 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Well you can configure simple signature blocking via the HTTP filter dialog.  Depending on your needs this may suffice for you.

If you need a more sophisticated filter, PM me for details.

(in reply to sidath)
Post #: 4
RE: HTTP filter to restrict POST DATA - 2.Jul.2008 2:12:59 PM   
sidath

 

Posts: 7
Joined: 2.Jul.2008
Status: offline
Ok, if I want to block a POST request containing the '<script>' tag in a form post data body, what are the values in the HTTP filter I've to set. Thanks.

(in reply to ferrix)
Post #: 5
RE: HTTP filter to restrict POST DATA - 2.Jul.2008 2:27:01 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
Well in the signature section you add one with the criteria set to "Request Body" and in the signature you type what you want it to detect and block.

It's pretty limited, because what if they have "<script    >" with extra spaces etc. etc.

You also have to give it a byte range, which is the amount of data it will accumulate to inspect.  If you already have a limit to the size of your allowed POST, then this may not be a big deal. 

(in reply to sidath)
Post #: 6
RE: HTTP filter to restrict POST DATA - 3.Jul.2008 6:41:43 AM   
sidath

 

Posts: 7
Joined: 2.Jul.2008
Status: offline
Thanks again, I'm going to restrict '<script' so it covers all the variations. When you assign this signature under "Request Body" and give it a byte range from 0 to 10240, it didn't work. Any ideas, thanks.

(in reply to ferrix)
Post #: 7
RE: HTTP filter to restrict POST DATA - 7.Jul.2008 6:53:26 AM   
sidath

 

Posts: 7
Joined: 2.Jul.2008
Status: offline
I'm still stuck with it, without an answer. Any ideas will be really appreciated.

A brief summary of what I've done is below;

- I've created a HTTP filter signature with the following properties
      + Search in: Request body
      + Signature: <script
      + Byte Range From : 1 To: 10240
      + Format: Text

But when I enter the text '<script' on a html form field and submit the form, the http filter is not blocking it.

(in reply to sidath)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> HTTP filter to restrict POST DATA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts