Forum Discussion
hooleylist
Dec 17, 2008 | Cirrostratus
Hi Dhaval,
Can you add logging to the rules and post the log output? In a simple test with priority and event disable the result was okay:
rule event_disable_rule {
   when HTTP_REQUEST priority 100 {
      log local0. "Priority 100"
      event disable all
   }
   when HTTP_REQUEST priority 200 {
      log local0. "Priority 200"
   }
}
rule event_disable2_rule {
   when HTTP_REQUEST priority 201 {
      log local0. "Priority 201"
   }
}
Log output:
Dec 17 12:27:07 tmm tmm[1810]: Rule event_disable_rule : Priority 100
As expected, event disable prevents the second and third log statements from executing.
Also, you should be wary of taking any value from the host header and inserting it in a response header. This could be used in HTTP response splitting attacks.
Aaron
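
The following iRule is an added example, not part of the original post or of Dhaval's rules. It combines the two points above: a low-numbered priority handler validates the Host header before any other handler can copy it into a response, and uses event disable to stop the later handlers when validation fails. The header name X-Requested-Host, the variable names, and the 255-character limit are assumptions for illustration.

```tcl
# Added example: validate Host before it can reach a response header.
when HTTP_REQUEST priority 1 {
    # Priority 1 runs before the priority 100/200/201 handlers shown above.
    set safe_host ""
    set raw_host [HTTP::host]

    # Accept only hostname characters and an optional numeric port.
    # An empty value, CR, LF, spaces and any other byte fail the match.
    if { [string length $raw_host] > 255 ||
         ![regexp {^[A-Za-z0-9.-]+(:[0-9]{1,5})?$} $raw_host] } {
        # Log a fixed message rather than the untrusted value itself.
        log local0. "Rejected request from [IP::client_addr]: invalid Host header"
        # event disable applies to the rest of the connection, so close it.
        HTTP::respond 400 content "Bad Request" "Connection" "close"
        event disable all
        return
    }
    set safe_host [string tolower $raw_host]
}

when HTTP_RESPONSE {
    # Only the validated copy is ever written into a response header.
    if { $safe_host ne "" } {
        HTTP::header insert "X-Requested-Host" $safe_host
    }
}
```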