Hi,
Le lun. 13 déc. 2021 à 19:38, John Lauro <[email protected]> a écrit :
> http-request deny deny_status 405 if { url_sub -i "\$\{jndi:" or
> hdr_sub(user-agent) -i "\$\{jndi:" }
> was not catching the bad traffic. I think the escapes were causing issues
> in the matching.
>
> The following did work:
> http-request deny deny_status 405 if { url_sub -i -f
> /etc/haproxy/bad_header.lst }
> http-request deny deny_status 405 if { hdr_sub(user-agent)
> -i -f /etc/haproxy/bad_header.lst }
> and in bad_header.lst
> ${jndi:
>
I tried
http-request deny deny_status 405 if { url_sub -i "\$\{jndi:" or
hdr_sub(user-agent) -i "\$\{jndi:" }
and
http-request deny deny_status 405 if { url_sub -i ${jndi: or
hdr_sub(user-agent) -i ${jndi: }
without success. Can anyone tell what's wrong with both syntaxes ? And how
to escape special chars correctly ?
Olivier
