CSS 11503 - REGEX possibility

Unanswered Question

Hi,

Is there a way to use REGEX within the CSS?

If not, can we do it with the enhanced feature set?

GOAL:

In order to protect ourself from XSS scripting, we would like to be able to use REGEX within a header-field to catch several pattern within a query string and send those to a donjon server or a 404 page via a content rule.

Regards,

Wig

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 09/25/2007 - 08:44
User Badges:
  • Cisco Employee,

All you can do is this :


CSS11503-2(config-header-field-group[gd])# header-field test ?

msisdn HTTP extension MSISDN request header

referer HTTP Referer request header

accept HTTP Accept request header

encoding HTTP Accept-Encoding request header

charset HTTP Accept-Charset request header

connection HTTP Connection general header

cookies HTTP Cookie header

cache-control HTTP Cache-Control general header

pragma HTTP Pragma general header

host HTTP Host request header

language HTTP Accept-Language request header

user-agent HTTP User-Agent request header

request-line HTTP Request-Line

custom HTTP custom header field tag

CSS11503-2(config-header-field-group[gd])# header-field test user-agent

contain Header-Field exists and contains the header-string

equal Header-Field exists and is equal to the header-string

exist Header-Field exists in the request

not-contain Header-Field exists but does not contain the

header-string

not-equal Header-Field exists but does not equal the header-string

not-exist Header-Field does not exist in the request

CSS11503-2(config-header-field-group[gd])# header-field test user-agent ?

contain Header-Field exists and contains the header-string

equal Header-Field exists and is equal to the header-string

exist Header-Field exists in the request

not-contain Header-Field exists but does not contain the

header-string

not-equal Header-Field exists but does not equal the header-string

not-exist Header-Field does not exist in the request

CSS11503-2(config-header-field-group[gd])# header-field test user-agent



The CSM and ace both offer the possibility to use regex.


Gilles.

Gilles Dufour Wed, 09/26/2007 - 00:28
User Badges:
  • Cisco Employee,

the ACE module will soon come out in an appliance version.


Gilles.

Actions

This Discussion