Forum Discussion

Nimbostratus

Feb 29, 2016

A question about "use irules to filter the TCP payload 's keywords"

DEAR ALL I want to use irules to filter the KEYWword “select” in a oracle TNS query packet. Here is the irules， but it does not operate .After use the Irule in VirtualServer, I still...

application delivery

iRules

Kai_Wilke

MVP

Mar 01, 2016

Hi Luojichen,

you provided iRule inspects just the first TCP-Datagram of a TCP-Session. In addition to that it would just blocks "select" but not "SELECT" nor "SeLeCt". You may try the iRule below to inspect the entire TCP-Session and to negate the CASE of the SQL statements.

when CLIENT_ACCEPTED {
    TCP::collect 
}
when CLIENT_DATA {
    if { [string tolower [TCP::payload 200]] contains "select" } then { 
        reject 
    } 
    TCP::release
    TCP::collect
}

Note: Include some log statements as recommended by Josiah. It would help you to see whats going on on the wire.

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)