Forum Discussion
The_Bhattman
Sep 16, 2009Nimbostratus
Hi Darkside,
I think your logic looks sound. I would put a open and close parentheses around the URI conditional evaluations so they are evaluated together before the matchclass evaluation. I would also lose the square brackets around $::inernal-ips and lowercase the URI
Like so
when HTTP_REQUEST {
if { !([matchclass [IP::client_addr] equals $::internal-ips]) and ((string tolower [[HTTP::uri]] contains "test.jsp") or (string tolower[HTTP::uri]] contains "stats.jsp")) } {
discard
}
}
Another way to right this is the following:
when HTTP_REQUEST {
if { !([matchclass [IP::client_addr] equals $::internal-ips]) } {
switch -glob [string tolower [HTTP::uri]] {
"*test.jsp" -
"*stats.jsp" { discard }
}
}
}
I wrote it the way above because I thought the first thing you want to evaluate is the Datagroup. if nothing matches then don't evaluate any further. In theory, it would make evaluations much faster then having to evaluate 3 conditions expressions in an IF clause.
I hope this helps
CB