Michael_Mau_108
Feb 16, 2008 Nimbostratus
REGEXP parsing URI
Hello all,
I have a customer who assigns each of his 100+ users a service name, so he is able to identify who each customer group is and what environment they are trying to access (acceptance, test, or production). An example is XML_TCPP_T (test example). This service name is always in capital letters, and is always the first part of the URI.
I have created an iRule that should compare this service name and reject requests based on whether it matches or not, but I am having problems. I am not showing any errors in the iRule stats, but the customer is saying requests that should be rejected are passing through.
We are currently using v.9.0.1, but have certified and are upgrading to v9.3.1 shortly. The only thing I can think of is that the "discard" line is not working as expected. I was hoping someone could take a look at my iRule, or was wondering if there are any known errors with the discard command in my current version.
when HTTP_REQUEST {
    if { [regexp matches_regex {XML_[A-Z]*_(P|T)} [HTTP::uri]] }
    {
        discard
    }
}
Thanks for any insight you can provide.
-Mike
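Added example, not part of the original post: a plain Tcl script (for tclsh, outside the BIG-IP) that compares the `regexp` call as posted with a call that passes the pattern first and anchors it to the first path segment. The proc names and sample URIs are constructed for illustration, and the leading "/" and the segment terminators in the anchored pattern are assumptions about how the service name appears in the URI.

```tcl
# Added example (plain Tcl, not the poster's code).
# Tcl built-in syntax: regexp ?switches? exp string ?matchVar ...?

# Argument order as posted: "matches_regex" is taken as the pattern,
# the intended pattern becomes the subject string, and the URI is used
# as the name of a match variable. The result never depends on the URI.
proc check_as_posted {uri} {
    return [regexp matches_regex {XML_[A-Z]*_(P|T)} $uri]
}

# Pattern first, subject second. The poster's pattern is kept and only
# anchored: the service name must be the first path segment (assumes the
# URI begins with "/") and must end at "/", "?" or the end of the URI.
proc check_anchored {uri} {
    return [regexp {^/XML_[A-Z]*_(P|T)(/|\?|$)} $uri]
}

# Constructed sample URIs: two that carry a P/T service name first,
# one with another suffix, one with the name in a later segment,
# and one in lower case.
foreach uri {
    /XML_TCPP_T/orders
    /XML_TCPP_P
    /XML_TCPP_A/orders
    /other/XML_TCPP_T
    /xml_tcpp_t/orders
} {
    puts [format "%-22s posted=%d anchored=%d" $uri \
        [check_as_posted $uri] [check_anchored $uri]]
}
```

In an iRule, `matches_regex` is an operator rather than an argument to `regexp`, so the equivalent condition is written as `[HTTP::uri] matches_regex {^/XML_[A-Z]*_(P|T)(/|\?|$)}`.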