URI::query¶
Description¶
Returns the query string portion of the given URI or the value of a
query string parameter.
Syntax¶
URI::query <uri>
URI::query <uri> <param>
URI::query
- Returns the query string portion of the given URI.
URI::query
- Returns the value of a query string parameter from a given URI based on the parameter name. If the query string does not contain the parameter name, an empty string is returned.
- This command expects the query string to start with a question mark with the following format:
?parameter_name1=parameter_value1¶meter_name2=parameter_value2
- For POST requests with a content type of x-www-form-urlencoded, you can use [URI::query “?$payload” $param_name] to parse a specific parameter value given the parameter name. Note that you prepend a ? to the payload to allow it to be parsed as a query string. See the second example below for details.
Examples¶
when HTTP_REQUEST {
log local0. "Query string of URI [HTTP::uri] is [URI::query [HTTP::uri]]"
}
Log output:
Query string of URI /path/to/file.ext?param1=value1¶m2=value2 is param1=value1¶m2=value2
when HTTP_REQUEST {
log local0. "Value of query parameter \"param2\" from URI \"[HTTP::uri]\" is \"[URI::query [HTTP::uri] param2]\""
}
Log output:
Value of query parameter "param2" of URI "/path/to/file.ext?param1=value1¶m2=value2" is "value2"
when RULE_INIT {
log local0. "\[URI::query \"?param1=val1¶m2=val2\" param1\]: [URI::query "?param1=val1¶m2=val2" param1]"
log local0. "\[URI::query \"param1=val1¶m2=val2\" param1\]: [URI::query "param1=val1¶m2=val2" param1]"
}
Log output:
[URI::query "?param1=val1¶m2=val2" param1]: val1
[URI::query "param1=val1¶m2=val2" param1]:
Note that the first log statement returns the correct value for the
parameter named param1. This is because the test “payload” has a
question mark prepended to it. This type of functionality could be
used to parse parameter values after collecting the payload.