I used
when CLIENT_ACCEPTED {
TCP::collect 200
}
when CLIENT_DATA {
if { [TCP::payload] matches_regex "/vMoD.+Y"} {
set uri [[TCP::payload] matches_regex "/vMoD.+Y"]
log local0. $uri
} else {
log local0. "no match"
}
}
to match on the URI as the sample Joe provided would not find the URI b/w GET and HTTP/1.0. However, the ltm log is giving me
Mar 9 13:44:26 tmm tmm[824]: 01220001:3: TCL error: Rule vmod_search - invalid command name "GET /vMoD/vMoDSearch?search_type=1&search_string=Bob%20Dylan&suppress_art=Y HTTP/1.0 Host: moddev1.ztango.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,ko-kr;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive " while executing "[TCP::payload] matches_regex "/vMoD.+Y""
While I am still allowed to connect to the server. I am not sure if I am doing something illegal within regex pattern?