Leslie_South_55
Jan 31, 2008 | Nimbostratus
Multiple matchclass + "if" AND "if not"
I am trying to use both an 'if' and an 'if not' statement where both statements are looking at 2 different external class files. Here is the rule:
    when HTTP_REQUEST {
        log local0 "requested [HTTP::uri]"
        if {not [matchclass [string tolower [HTTP::uri]] contains $::uri_block] } {
            if {[matchclass [IP::client_addr] equals $::allowed] } {
                log local0. "Valid Packet: [IP::client_addr] - [HTTP::uri] forwarding traffic"
            } else {
                log local0. "Invalid Packet: [IP::client_addr] - [HTTP::uri] discarding"
                discard
            }
        }
    }
It does not seem to be reading the entire rule, as I get log entries as follows: Valid Packet: 10.2.6.31 - /AeXHD/user/default.aspx forwarding traffic
where the "user" is defined in the uri_block class (what I am trying to block access to)
and 10.2.6.31 is defined in the allowed class (one of the allowed client IPs).
Any help much appreciated.
-L
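
An added example, not part of the original post: in the rule as posted, a request whose URI matches uri_block skips the outer `if` body entirely, so it is neither logged nor discarded, and the "Valid Packet" line can only be reached when the first matchclass returned 0. The variant below stores and logs each lookup result so the failing class lookup is visible, and handles every combination explicitly. The class names are the poster's; the policy (blocked URIs dropped for every client, all other URIs limited to allowed clients) and the "Blocked URI" log text are assumptions.

```tcl
# Added example (not the poster's rule). Assumed policy: deny blocked URIs for
# everyone, and allow other URIs only for clients listed in the allowed class.
when HTTP_REQUEST {
    set uri    [string tolower [HTTP::uri]]
    set client [IP::client_addr]

    # Evaluate each class lookup once and keep the result.
    # matchclass returns 0 when nothing in the class matches.
    set uri_blocked [matchclass $uri contains $::uri_block]
    set ip_allowed  [matchclass $client equals $::allowed]

    # One diagnostic line per request: shows what each lookup returned,
    # so an unexpected 0 from uri_block points at the class contents.
    log local0. "client=$client uri=$uri uri_blocked=$uri_blocked ip_allowed=$ip_allowed"

    if { $uri_blocked } {
        # Explicit branch for the case the nested rule leaves unhandled.
        log local0. "Blocked URI: $client - $uri discarding"
        discard
        return
    }

    if { $ip_allowed } {
        log local0. "Valid Packet: $client - $uri forwarding traffic"
    } else {
        log local0. "Invalid Packet: $client - $uri discarding"
        discard
    }
}
```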