Forum Discussion
What_Lies_Bene1
Oct 02, 2013Cirrostratus
If you do actually have a HTTP profile assigned, try this (I've just tidied up the test expression);
when HTTP_REQUEST {
if { ! [IP::addr [IP::client_addr] equals 10.0.0.0/24) } {
log local0. "Client IP: [IP::client_addr]"
switch -glob [string tolower [HTTP::uri]] {
"/admin" { log local0. "ADMIN" drop log local0. "Dropped admin [IP::client_addr]" }
"/wp-login" { log local0. "LOGIN" drop log local0. "Dropped login [IP::client_addr]" }
default { return }
}
}
}
If you don't have a HTTP profile assigned, change the event to 'when CLIENT_ACCEPTED'.