Forum Discussion
Cindy_127211
Nimbostratus
NimbostratusMatchclass for 'Address' Data Group Doesn't seem to work
The matchclass statement in the following rule doesn't seem to work. It never appears to match or not match any of the client IP addresses that are sent. What am I doing wrong?
class internal_net {
network 10.0.0.0 mask 255.0.0.0
network 64.57.32.0 mask 255.255.240.0
network 65.167.38.0 mask 255.255.255.0
network 127.0.0.0 mask 255.0.0.0
network 192.168.0.0 mask 255.255.0.0
network 208.21.56.0 mask 255.255.255.0
network 216.230.48.0 mask 255.255.240.0
}
rule IPRO_NONSSL_PROD {
when HTTP_REQUEST {
log local0. "client ip: [IP::client_addr]"
if { not [matchclass [IP::client_addr] eq $::internal_net] and [HTTP::uri] starts_with "/ipro/tpip/" } {
log local0. "IP not in internal_net class"
discard
}
elseif { [HTTP::uri] starts_with "/ipro" }
{
log local0. "IPRO starts with /ipro"
if { [HTTP::uri] starts_with "/ipro/servlet/acSnoop" }
{ log local0. "IPRO starts with /ipro/servlet/acSnoop"
pool ipro83sbox }
else {
log local0. "Redirect for ipro"
HTTP::redirect https://[HTTP::host][HTTP::uri] }
}
else { pool ipro83sbox }
}
}
- JRahm
Admin
From the user manual:
findclass
The findclass command searches a data group list for a member that starts
with and returns the data-group member string. This is similar to the matchclass command, except that the member is not required to be
equal; instead, the member is only required to start with the string and the command returns the entire member value.
The syntax of the findclass command is:
findclass
HTH
