Detect HTTP Pipelining Request
Good day all...
I am currently looking for a method to detect HTTP pipelining requests. This pipelining is currently exploiting a vulnerability of ours in which subsequent requests inside a pipelined HTTP request cannot be detected (this may include some term called HRS/HTTP Request Smuggling).
The sample request in text format is as follows:
GET somehost-A.com:443 HTTP/1.1\r\n
Host: somehost-A.com:443\r\n
\r\n
GET http://somehost-B.com/ HTTP/1.1\r\n
Host: somehost-B.com\r\n
\r\n
The request above is sent in a single frame, which should mean a single socket. The "\r\n" delimiter between requests seems to be a legitimate method of pipelining.
From some traces, I found that the HTTP_REQUEST event fired for each sub-request.
I tried to detect and reject this pipelined request using this iRule:
when HTTP_REQUEST {
    # httpmethodprev is unset on the first request of a connection; any later
    # HTTP_REQUEST on the same connection means the client pipelined.
    if {[info exists httpmethodprev]} {
        log local0. "rejected HTTP pipeline"
        reject
        return
    } else {
        # First request: remember its method and let it through.
        set httpmethodprev [HTTP::method]
    }
}
But the first request, whose method is saved in the httpmethodprev variable, is not rejected.
Only the subsequent requests are successfully rejected.
Any help is appreciated.
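As an added illustration (not code from the post or from F5's iRule API), a small Python parser that splits one received buffer into the HTTP/1.1 requests it contains. It shows why the first request cannot be judged at the moment it arrives: pipelining is only visible once the buffer as a whole is inspected. The sample bytes are constructed from the request shown in the post.

```python
import re

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def split_pipelined_requests(buf: bytes):
    """Split a raw buffer into (method, target, headers, body) tuples.

    More than one request in a single read means the client pipelined:
    the second request head followed the first without awaiting a response.
    """
    requests = []
    pos = 0
    while pos < len(buf):
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            raise ValueError("incomplete request head at offset %d" % pos)
        head = buf[pos:end + 2]  # keep the CRLF that ends the last header line
        m = REQUEST_LINE.match(head)
        if not m:
            raise ValueError("malformed request line at offset %d" % pos)
        method, target = m.group(1).decode(), m.group(2).decode()
        headers = {}
        for line in head[m.end():].split(b"\r\n"):
            if line:
                name, _, value = line.partition(b":")
                headers[name.strip().lower().decode()] = value.strip().decode()
        # Only Content-Length bodies are handled; chunked bodies are refused so
        # a Transfer-Encoding/Content-Length conflict (the HRS condition) cannot
        # desynchronise this parser from the server's view of the stream.
        if "transfer-encoding" in headers:
            raise ValueError("chunked bodies not supported by this detector")
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = buf[body_start:body_start + length]
        if len(body) < length:
            raise ValueError("incomplete body at offset %d" % body_start)
        requests.append((method, target, headers, body))
        pos = body_start + length
    return requests


def is_pipelined(buf: bytes) -> bool:
    return len(split_pipelined_requests(buf)) > 1


# Constructed sample modelled on the post: two request heads in one read.
SAMPLE = (b"GET somehost-A.com:443 HTTP/1.1\r\nHost: somehost-A.com:443\r\n\r\n"
          b"GET http://somehost-B.com/ HTTP/1.1\r\nHost: somehost-B.com\r\n\r\n")

if __name__ == "__main__":
    for method, target, headers, _ in split_pipelined_requests(SAMPLE):
        print(method, target, headers.get("host"))
    print("pipelined:", is_pipelined(SAMPLE))
```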