Forum Discussion
Spence_Faschin1
Nimbostratus
NimbostratusRewrite a uri (not redirect)
I have a need to rewrite a uri, and make this look transparent to the end user. What I have come up with is this:
when HTTP_REQUEST {
set loop 0
set max [llength $::shortur...
That is a very good point. You have obviously thought about this. Of course, it will all really depend on just how often you expect to match. If it does not match often, then you are completely correct. If it matches regularly, then you would likely want to save the result in a variable. Another factor to weigh is the number of elements in the class/datagroup.
For those that are interested and paying attention, I'm now going to mention a YASF (yet another stealth feature):
You can enable timing statistics in a rule which will allow you to see just how many cycles are spent evaluating a given rule event. The way you do this is with the "timing on" statement.
An example that enables timing for all subsequent events in a rule is:
rule my_fast_rule {
timing on
when HTTP_REQUEST {
Do some stuff
}
}
An example of only timing a specific event is:
rule my_slow_rule {
when HTTP_REQUEST timing on {
Do some other stuff
}
}
This will then collect timing information each time the rule is evaluated and can be viewed with "b rule show all". You'll likely only want to look at the average and min numbers as max is often way, way out there due to the optimizations being performed on the first run of the rule. Additionally, enabling timing does have some overhead, though it should be negligible.
