How can I block if a request contains a word in get url or post body using urlrewrite for tomcat

571 views Asked by At

I have a security loophole to fix by blocking a keyword in my request. If either the get or post request contains a keyword "ENTITY" I would like url rewrite to block the request and send 403.

Can someone help me write the rule in urlrewrite.xml? This is what I have tried which does not work.

 <rule>
    <note>
     Restrict keyword ENTITY in get or post request.   
    </note>
    <name>Restrict URI Access</name>
    <condition type="request-uri" operator="equal">ENTITY</condition>
    <from>(/.*)</from>
    <set type="status">403</set>
    <to last="true">null</to>
</rule>

Thanks ...Manas

1

There are 1 answers

0
Manas On BEST ANSWER

The following rule should do the trick. Here filter is the parameter of request that may contain keyword "ENTITY".

PS: Because it is a URL there may be many combination of Upper and lower case the parameter "filter" can be written. (e.g. FILTER, filter, Filter etc..)

<rule>
    <note>
        Stop ENTITY keyword
    </note>
    <name>StopENTITYKEYWORD</name>
    <condition type="parameter" name="filter" next="or">ENTITY</condition>
    <from>(/.*)</from>
    <set type="status">403</set>
    <to last="true">null</to>
</rule>