Forum Discussion
unRuleY_95363
Mar 29, 2005Historic F5 Account
Ok, you have a couple of problems.
The first is that it appears you have typed the "rule {" portion into the GUI text box. When entering rules in the GUI, you must leave out the "rule {}" part of the rule. You enter the at the top and then enter the rule body (the when statements) in the text box.
When this gets saved into the config file, it then appears with the "rule {...}" part automatically added.
The second problem is how tcp_content now works in 9.0. In order for the tcp_content (which is really now called TCP::payload) to work, you must first specify how much you want to collect. In your case, it appears that you want to collect 2500 bytes. So, a rule that gathers 2500 bytes would look like this:
when CLIENT_ACCEPTED {
TCP::collect 2500
}
when CLIENT_DATA {
set usrid [findstr [TCP::payload] "USERNAME=" 9 "t"]
if {$usrid ne ""} {
persist uie $usrid
log local0. "Persisting $userid"
}
}
Hope this helps.