
How can I block a request if it contains a word in the GET URL or POST body using UrlRewrite for Tomcat?


I have a security loophole to fix by blocking a keyword in my request. If either a GET or POST request contains the keyword "ENTITY", I would like UrlRewrite to block the request and send a 403.

Can someone help me write the rule in urlrewrite.xml? This is what I have tried, which does not work.

    <rule>
        <note>
            Restrict keyword ENTITY in get or post request.
        </note>
        <name>Restrict URI Access</name>
        <condition type="request-uri" operator="equal">ENTITY</condition>
        <from>(/.*)</from>
        <set type="status">403</set>
        <to last="true">null</to>
    </rule>

Thanks ...Manas


Solution

  • The following rule should do the trick. Here "filter" is the request parameter that may contain the keyword "ENTITY".

    PS: Because it is a URL, there may be many combinations of upper and lower case in which the parameter "filter" can be written (e.g. FILTER, filter, Filter, etc.).

    <rule>
        <note>
            Stop ENTITY keyword
        </note>
        <name>StopENTITYKEYWORD</name>
        <condition type="parameter" name="filter" next="or">ENTITY</condition>
        <from>(/.*)</from>
        <set type="status">403</set>
        <to last="true">null</to>
    </rule>
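Added example, not from the question or the answer above and not part of UrlRewriteFilter: a plain servlet filter in Java that applies the same 403 policy to the query string and to every parameter name and value, so the case variants mentioned in the PS and form-encoded POST bodies are both covered. The class name KeywordBlockFilter is assumed.

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (assumed name, not part of UrlRewriteFilter): rejects with
// 403 any request whose query string, parameter name or parameter value contains
// the keyword, regardless of letter case.
public class KeywordBlockFilter implements Filter {
    private static final Pattern KEYWORD =
            Pattern.compile("ENTITY", Pattern.CASE_INSENSITIVE);

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (containsKeyword(http)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // stop here; the rest of the chain never sees the request
        }
        chain.doFilter(req, res);
    }

    static boolean containsKeyword(HttpServletRequest http) {
        String qs = http.getQueryString();
        if (qs != null && KEYWORD.matcher(qs).find()) return true;
        // getParameterMap() merges the query string with an
        // application/x-www-form-urlencoded POST body, so both are checked.
        for (Map.Entry<String, String[]> e : http.getParameterMap().entrySet()) {
            if (KEYWORD.matcher(e.getKey()).find()) return true;
            for (String v : e.getValue()) {
                if (v != null && KEYWORD.matcher(v).find()) return true;
            }
        }
        return false;
    }
}
```

Register it in web.xml ahead of UrlRewriteFilter. A POST body that is not form-encoded (for example raw XML) is not exposed through getParameterMap() and would need the body read separately.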