Forum Discussion

Nimbostratus

Feb 29, 2016

A question about "use irules to filter the TCP payload 's keywords"

DEAR ALL I want to use irules to filter the KEYWword “select” in a oracle TNS query packet. Here is the irules， but it does not operate .After use the Irule in VirtualServer, I still...

application delivery

iRules

Kai_Wilke

MVP

Mar 01, 2016

Hi Luojichen,

If the HEX stream of wireshark contains readable SQL statements then [TCP::payload] could match the content. For further troubleshooting I would recommend to use the following code...

when CLIENT_ACCEPTED {
    if { not ([IP::client_addr] contains 1.1.1.1) } then { return }
    TCP::collect
}
when CLIENT_DATA {
    log local0.debug "TSN Data: [TCP::payload]"
    if { [string tolower [TCP::payload]] contains "select" } then {
        log local0.debug "Request is a \"select\" statement."
        reject
    }     
    TCP::release    
    TCP::collect
}

Note: Change the 1.1.1.1 to reflect the IP of your Client PC running the SQL query.

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)