
Content rule to block XSS attack <script> tags in URL

Information

Summary:

This article outlines a solution for blocking XSS attack <script> tags in defined URLs and returning a 403 Forbidden error message.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

How can XSS attack <script> tags in defined URLs be blocked on the LoadMaster using a single content rule?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

Below is example syntax for a content rule that blocks XSS attack <script> tags in defined URLs:

Rule Name: block_XSS
Rule Type: Content Matching
Match Type: Regular Expression
Header Field: <empty>
Match String: /<script>/
Negation: False
Ignore Case: True
Include Host in URL: False
Include Query in URL: True
Fail On Match: True


After creating the content rule above, apply it to a Virtual Service or Sub Virtual Service (SubVS) as an HTTP Selection rule under Advanced Properties.

Then, under the same Advanced Properties, set Not Available Redirection Handling to 403 Forbidden and set an error message.

Now test with a URL that contains a script tag in the query string to confirm that the content rule works as expected and returns the 403 error message. An example test URL is:

https://test.domain.com/testscript.php?value=x<script>alert("XSS Attack!")</script>
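To show how the rule settings above combine (in particular why Include Query in URL must be True for the test URL to be blocked), here is an added Python model of the rule evaluation. It is not Kemp code and only approximates LoadMaster matching, whose exact URL normalisation the article does not describe; the ContentRule class, the evaluate() function and every URL other than the article's own are constructed for this illustration.

```python
import re
from dataclasses import dataclass, replace
from urllib.parse import urlsplit

@dataclass
class ContentRule:
    name: str
    match_string: str          # regex written /.../ as on the page
    negation: bool = False
    ignore_case: bool = True
    include_host: bool = False
    include_query: bool = True
    fail_on_match: bool = True

def match_subject(rule: ContentRule, url: str) -> str:
    """Assemble the part of the URL the rule is applied to (path, plus host/query if included)."""
    parts = urlsplit(url)
    subject = parts.path
    if rule.include_host:
        subject = parts.netloc + subject
    if rule.include_query and parts.query:
        subject += "?" + parts.query
    return subject

def evaluate(rule: ContentRule, url: str) -> int:
    """Return 403 if the rule rejects the request, else 200 (request passes)."""
    pattern = rule.match_string
    if len(pattern) >= 2 and pattern[0] == pattern[-1] == "/":
        pattern = pattern[1:-1]    # strip the /.../ delimiters
    flags = re.IGNORECASE if rule.ignore_case else 0
    # Matching is done on the URL text as given; no percent-decoding is modelled here.
    matched = re.search(pattern, match_subject(rule, url), flags) is not None
    if rule.negation:
        matched = not matched
    if matched and rule.fail_on_match:
        return 403   # Not Available Redirection Handling -> 403 Forbidden
    return 200

BLOCK_XSS = ContentRule(name="block_XSS", match_string="/<script>/")  # the article's rule
BLOCK_XSS_PATH_ONLY = replace(BLOCK_XSS, include_query=False)          # Include Query in URL = False

if __name__ == "__main__":
    # Constructed test URLs; the first is the article's own example.
    for url in (
        'https://test.domain.com/testscript.php?value=x<script>alert("XSS Attack!")</script>',
        "https://test.domain.com/testscript.php?value=x<SCRIPT>",
        "https://test.domain.com/testscript.php?value=hello",
    ):
        print(evaluate(BLOCK_XSS, url), evaluate(BLOCK_XSS_PATH_ONLY, url), url)
```

With the article's settings the first two URLs return 403 (the second because Ignore Case is True) and the third passes; with Include Query in URL set to False, none of them are blocked because the tag sits in the query string.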

Workaround:  
Notes:

Content Rules Guide:

https://support.kemptechnologies.com/hc/en-us/articles/7170469507341-Content-Rules

Regex101:

https://regex101.com/

