Forum Discussion
Eric_Weiss_2486
Feb 26, 2016Nimbostratus
I figured it out and was able to come up with something a little more elegant. Also, added logging for cookie and user-agent. The rule broke when adding all of the || and && conditions, like above. Changed logic for HTTP::cookie so that it isn't using 'not' (since that expects a numeric value instead of alpha), and changed the HTTP::uri regex that wasn't working, to HTTP::host.