irule to match string in /var/log/ltm

Mohanad
Cirrostratus

Hello

I need an iRule to match a string in /var/log/ltm so I can take action.

I need to match on diA.

 when BOTDEFENSE_ACTION {
     if {[$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}]} {
         set res [BOTDEFENSE::action tcp_rst]
         BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
     }
 }

error:

01220001:3: TCL error: /Common/DevID_Logging <BOTDEFENSE_ACTION> - can't read "diA": no such variable   while executing "$diA equals {"[AYrQyWEAAAAACxF5RBPJyPdDICteKxbw"}"


JRahm
Community Manager

Where are you setting the diA variable? Even when that gets set, $diA will be evaluated as a command and fail as well with the brackets, so you'll want to rewrite that to something like:

if { $dia eq "..."} {
  set res ...
}

I'm assuming you're testing here, and likely you'll use tables to store the fingerprints? That'll be a lot of manual configuration of them otherwise.

I'm testing Device ID+ with ASM (PoC). I imported the iApp and used the following iRule. I want to do something with it: I'm connecting to a website from another PC, I logged my device ID, and I want to block my PC.

when HTTP_REQUEST {
    if { [HTTP::cookie exists _imp_apg_r_] } {
        set deviceid [URI::decode [HTTP::cookie _imp_apg_r_]]
        log local0. "URL Decoded cookie is $deviceid"
        set deviceida [lindex [regexp -inline -- (?:"diA":")(.*?)(?:") $deviceid] 1]
        log local0. "diA = $deviceida"
        set deviceidb [lindex [regexp -inline -- (?:"diB":")(.*?)(?:") $deviceid] 1]
        log local0. "diB = $deviceidb"
        log local0. "IP is [IP::client_addr]"
        log local0. "Path is [HTTP::path]"
    } else {
        log local0. "No cookie"
    }
}

Hello Mohanad,

Based on the logging instruction on line 6, the variable that will contain diA is $deviceida.

$diA does not exist in your code; there is no line that sets a diA variable/value pair.

Moreover, as Jason already mentioned, your if statement will fail since you are using square brackets incorrectly. To keep it simple, their purpose in an iRule would be for retrieving packet data such as [HTTP::header], or for operations such as line 5 of your code where you calculate diA (read the TCL references for a complete overview).

You will need to adjust the BOTDEFENSE_ACTION if statement as follows:

 when BOTDEFENSE_ACTION {
     if { $deviceida equals "AYrQyWEAAAAACxF5RBPJyPdDICteKxbw" } {
         set res [BOTDEFENSE::action tcp_rst]
         BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
     }
 }
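
An added example, not code from any participant in this thread or from F5: the two events from the replies above combined into one iRule, so that the variable read in BOTDEFENSE_ACTION is the one set in HTTP_REQUEST and a request without the cookie cannot raise the "no such variable" error. The cookie name, the diA field and the device ID are taken from the thread; the `[^"]*` pattern is a substitution for the thread's `(.*?)`, and a single custom response is used as the action.

```tcl
when HTTP_REQUEST {
    # Drop any value left over from an earlier request on the same
    # keep-alive connection, so a request that carries no cookie is
    # never judged against a previous request's device ID.
    unset -nocomplain deviceida

    if { [HTTP::cookie exists _imp_apg_r_] } {
        set decoded [URI::decode [HTTP::cookie _imp_apg_r_]]
        # The pattern is braced so Tcl performs no substitution on it.
        # On a match, regexp stores the captured group in deviceida;
        # on no match, deviceida stays unset.
        if { [regexp -- {"diA":"([^"]*)"} $decoded -> deviceida] } {
            log local0. "diA = $deviceida"
        } else {
            log local0. "cookie present but no diA field found"
        }
    } else {
        log local0. "No cookie"
    }
}

when BOTDEFENSE_ACTION {
    # [info exists] guards the read: deviceida is only set when the
    # cookie was present and the diA field was parsed out of it.
    # The expression is braced and the ID is a plain quoted string,
    # so nothing in it is evaluated as a command.
    if { [info exists deviceida] &&
         $deviceida eq "AYrQyWEAAAAACxF5RBPJyPdDICteKxbw" } {
        log local0. "blocking device $deviceida from [IP::client_addr]"
        BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
    }
}
```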