Forum Discussion
luojichen_22420
Nimbostratus
Mar 01, 2016
A question about "use iRules to filter the TCP payload's keywords"
Dear all,
I want to use an iRule to filter the keyword "select" in an Oracle TNS query packet.
Here is the iRule, but it does not work. After using the iRule on the virtual server, I still...
Kai_Wilke
MVP
Mar 01, 2016
Hi Luojichen,
your provided iRule inspects just the first TCP datagram of a TCP session. In addition to that, it would just block "select" but not "SELECT" nor "SeLeCt". You may try the iRule below to inspect the entire TCP session and to negate the case of the SQL statements.
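when CLIENT_ACCEPTED {
    # Start collecting client-side TCP payload as soon as the connection is accepted.
    TCP::collect
}
when CLIENT_DATA {
    # Lower-case the first 200 bytes of the collected payload so the match is case-insensitive.
    if { [string tolower [TCP::payload 200]] contains "select" } then {
        reject
    }
    # Forward the collected data, then collect again so later data is inspected too.
    TCP::release
    TCP::collect
}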
Note: Include some log statements as recommended by Josiah. It would help you to see what's going on on the wire.
Cheers, Kai
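An added example, not part of Kai's post or of F5's own code: the same collect/inspect/release loop with the log statements the note recommends. It goes a little further by checking the whole collected payload instead of its first 200 bytes and by carrying the end of each payload into the next CLIENT_DATA event, so a keyword that happens to span two events is still matched. The variable names (`kw`, `back`, `tail`, `chunk`) and the log wording are assumptions, and the rule has not been run against real TNS traffic.

```tcl
when CLIENT_ACCEPTED {
    # Assumed names: kw = keyword in lower case, tail = carry-over between events.
    set kw "select"
    # Index offset used to keep the last (keyword length - 1) characters.
    set back [expr { [string length $kw] - 2 }]
    set tail ""
    TCP::collect
}
when CLIENT_DATA {
    # Lower-case the whole collected payload so "SELECT" and "SeLeCt" match too.
    set chunk [string tolower [TCP::payload]]

    # Debug logging: shows how much data each event delivered. Remove once the
    # rule behaves as expected, because it writes one line per CLIENT_DATA event.
    log local0. "[IP::client_addr]:[TCP::client_port] collected [TCP::payload length] bytes"

    # Prepend the end of the previous payload so a keyword split across two
    # events is seen as one string.
    set window "$tail$chunk"
    if { $window contains $kw } {
        log local0. "[IP::client_addr]:[TCP::client_port] rejected: payload contains '$kw'"
        reject
        return
    }

    # Keep only the last (keyword length - 1) characters for the next event;
    # that is the longest prefix of the keyword that could still be pending.
    set tail [string range $window end-$back end]

    # Forward what was inspected and wait for more data.
    TCP::release
    TCP::collect
}
```

The log lines go to the local0 facility, which on BIG-IP is written to /var/log/ltm.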