Forum Discussion
Joel_Moses
Apr 08, 2011Nimbostratus
Not sure if the APP pool matching is good enough with "glob" matching (you may need "regexp" matching depending on whether the string does or does not start with the data), but this might work:
when CLIENT_ACCEPTED {
TCP::collect 1
}
when CLIENT_DATA {
switch -glob [findstr [TCP::payload] "/siebel" 0 " "] {
"/siebel/finsobjmgr_enu" -
"/siebel/smobjmgr_enu" -
"/siebel/eaiobjmgr_enu" -
"/siebel/finsobjmgr_enu/rr" -
"/siebel/smobjmgr_enu/rr" -
"/siebel/eaiobjmgr_enu/rr" {
pool company.org_2321_pool
}
"/!5.*" {
pool APP01_2321_pool
}
"/!7.*" {
pool APP02_2321_pool
}
"/!9.*" {
pool APP03_2321_pool
}
"/!b.*" {
pool APP04_2321_pool
}
"/!d.*" {
pool APP05_2321_pool
}
default {
log local0. "Rejected request for [findstr [TCP::payload] "/siebel" 0 " "]"
discard
}
}
}