Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 10, 2014

Data groups don't really support wildcard matching, so you'd necessarily need an if/switch tree for the URI patterns, but then you can absolutely use a data group for the IP list. Try this:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/blah" } {
        switch -glob [string tolower [HTTP::uri]] {
            "/blah/blah1*" {
                log local0. "blah1"
                 do something
            }
            "/blah/blah2*" {
                log local0. "blah2"
                 do something
            }
            "/blah/blah3/*" {
                log local0. "blah3/"
                 do something
            }
            "/blah/blah3*" {
                log local0. "blah3"
                 do something
            }
            "/blah/blah4/*/foo1/foo2*" {
                log local0. "blah4/foo"
                 do something
            }
            "/blah/blah4/*" {
                log local0. "blah4/"
                 do something
            }
            "/blah/blah5/blah6-*" {
                log local0. "blah5/6"
                 do something
            }
            default {
                log local0. [IP::client_addr]
                if { [class match [IP::client_addr] equals my_ip_list] } {
                     do something
                }
            }
        }
    } else {
        if { [class match [IP::client_addr] equals my_ip_list] } {
             do something
        }
    }
}