Forum Discussion

luojichen_22420's avatar
luojichen_22420
Icon for Nimbostratus rankNimbostratus
Mar 01, 2016

A question about "use irules to filter the TCP payload 's keywords"

DEAR ALL   I want to use irules to filter the KEYWword “select” in a oracle TNS query packet. Here is the irules, but it does not operate .After use the Irule in VirtualServer, I still...
application delivery
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Mar 02, 2016

Hi Luojichen,

 

If the HEX stream of wireshark contains readable SQL statements then [TCP::payload] could match the content. For further troubleshooting I would recommend to use the following code...

 

when CLIENT_ACCEPTED {
    if { not ([IP::client_addr] contains 1.1.1.1) } then { return }
    TCP::collect
}
when CLIENT_DATA {
    log local0.debug "TSN Data: [TCP::payload]"
    if { [string tolower [TCP::payload]] contains "select" } then {
        log local0.debug "Request is a \"select\" statement."
        reject
    }     
    TCP::release    
    TCP::collect
}

Note: Change the 1.1.1.1 to reflect the IP of your Client PC running the SQL query.

 

Cheers, Kai