Are you trying to sanitize HTML inputs? If so, if you want to prevent script you'll need to do more than that tag. Things like <body onload="....."> can get script actions started too.
Are you wanting to block requests with these signatures or strip them out or "de-fang" them?
Ok, if I want to block a POST request containing the '<script>' tag in a form post data body, what are the values in the HTTP filter I've to set. Thanks.
Well in the signature section you add one with the criteria set to "Request Body" and in the signature you type what you want it to detect and block.
It's pretty limited, because what if they have "<script >" with extra spaces etc. etc.
You also have to give it a byte range, which is the amount of data it will accumulate to inspect. If you already have a limit to the size of your allowed POST, then this may not be a big deal.
Thanks again, I'm going to restrict '<script' so it covers all the variations. When you assign this signature under "Request Body" and give it a byte range from 0 to 10240, it didn't work. Any ideas, thanks.
I'm still stuck with it, without an answer. Any ideas will be really appreciated.
A brief summary of what I've done is below;
- I've created a HTTP filter signature with the following properties + Search in: Request body + Signature: <script + Byte Range From : 1 To: 10240 + Format: Text
But when I enter the text '<script' on a html form field and submit the form, the http filter is not blocking it.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> HTTP filter to restrict POST DATA 
HTTP filter to restrict POST DATA - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread