URI::query

Description

Returns the query string portion of the given URI or the value of a query string parameter.

Syntax

URI::query <uri>
URI::query <uri> <param>

URI::query <uri>
  • Returns the query string portion of the given URI.

URI::query <uri> <param>
  • Returns the value of a query string parameter from a given URI based on the parameter name. If the query string does not contain the parameter name, an empty string is returned.

  • This command expects the query string to start with a question mark with the following format:

?parameter_name1=parameter_value1&parameter_name2=parameter_value2

  • For POST requests with a content type of x-www-form-urlencoded, you can use [URI::query "?$payload" $param_name] to parse a specific parameter value given the parameter name. Note that you prepend a ? to the payload to allow it to be parsed as a query string. See the second example below for details.

Examples

when HTTP_REQUEST {
   log local0. "Query string of URI [HTTP::uri] is [URI::query [HTTP::uri]]"
}

Log output:
Query string of URI /path/to/file.ext?param1=value1&param2=value2 is param1=value1&param2=value2

when HTTP_REQUEST {
   log local0. "Value of query parameter \"param2\" from URI \"[HTTP::uri]\" is \"[URI::query [HTTP::uri] param2]\""
}

Log output:
Value of query parameter "param2" from URI "/path/to/file.ext?param1=value1&param2=value2" is "value2"

when RULE_INIT {

   log local0. "\[URI::query \"?param1=val1&param2=val2\" param1\]: [URI::query "?param1=val1&param2=val2" param1]"
   log local0. "\[URI::query \"param1=val1&param2=val2\" param1\]: [URI::query "param1=val1&param2=val2" param1]"
}

Log output:
[URI::query "?param1=val1&param2=val2" param1]: val1
[URI::query "param1=val1&param2=val2" param1]:

Note that the first log statement returns the correct value for the parameter named param1. This is because the test "payload" has a question mark prepended to it. The second statement returns an empty string because its input does not start with a question mark. This type of functionality could be used to parse parameter values after collecting the payload.
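
The POST-body case described above, written out as an added example (it is not part of the original documentation). The parameter name username and the 1 MB collection cap are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # Only collect bodies that are form-encoded POSTs.
    if { [HTTP::method] eq "POST" &&
         [string tolower [HTTP::header "Content-Type"]] starts_with "application/x-www-form-urlencoded" } {

        set len [HTTP::header "Content-Length"]

        # Ignore missing, non-numeric, or zero lengths.
        if { [string is integer -strict $len] && $len > 0 } {
            # Cap how much is buffered so a large body cannot
            # exhaust memory (1 MB is an assumed limit).
            if { $len > 1048576 } { set len 1048576 }
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    # Prepend "?" so URI::query treats the body as a query string.
    # Without it the lookup returns an empty string.
    set raw [URI::query "?[HTTP::payload]" username]

    if { $raw eq "" } {
        log local0. "POST to [HTTP::path]: parameter \"username\" absent or empty"
    } else {
        # Form values arrive percent-encoded, so decode before use.
        set user [URI::decode $raw]
        log local0. "POST to [HTTP::path]: username length [string length $user]"
    }
}
```

An empty result does not distinguish a missing parameter from one sent with no value, and if the body exceeds the cap only the collected portion is searched. The example logs the value's length rather than the value, since form fields often carry credentials or other client-controlled text.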