Author Archives: Simon Waters

F5 whitelist HTTP methods

Leave a reply

The F5 example is dated.

You want to white list (good security practice), you need to declare a namespace (>11.0), you want it short enough to read.

when RULE_INIT {
  set static::sec_http_methods [list "DELETE" "GET" "HEAD" "POST" "PUT"]
}

when HTTP_REQUEST {
  if { ![matchclass [HTTP::method] equals $static::sec_http_methods] } {
    reject
  }
}