Hi,
I tested and was able to reproduce the TMM restart using the last rule you posted. I think the reason TMM is restarting is that the matchclass function is expecting a class for the comparison, but you are passing it a string.
I would suggest contacting support to address this failure as the GUI should either prevent you from adding this, or TMM should handle the error more gracefully.
As far as getting the rule working, I would start by creating a class/datagroup called "internal_hosts_networks_class" with your IP address and the following rule. Verify your request is dropped:
when HTTP_REQUEST {
    # Drop any request whose client address is in the address datagroup
    if { [matchclass [IP::remote_addr] equals $::internal_hosts_networks_class] } {
        log local0. "client: [IP::remote_addr] requested [HTTP::host][HTTP::uri] and was dropped"
        discard
    }
}
If that works, then add the class for the protected URIs (my_protected_uris) and retest. All requests that match the class should be dropped.
when HTTP_REQUEST {
    # Drop any request whose URI contains an entry of the string datagroup
    if { [matchclass [HTTP::uri] contains $::my_protected_uris] } {
        log local0. "client: [IP::remote_addr] requested [HTTP::host][HTTP::uri] and was dropped"
        discard
    }
}
Then combine these rules and test again:
when HTTP_REQUEST {
    # Drop requests for a protected URI unless the client is in the internal class
    if { [matchclass [HTTP::uri] starts_with $::my_protected_uris] and (not [matchclass [IP::remote_addr] equals $::internal_hosts_networks_class]) } {
        log local0. "client: [IP::remote_addr] requested [HTTP::host][HTTP::uri] and was dropped"
        discard
    }
}
With the last rule, your request should not get dropped if your IP address or network is in the internal_hosts_networks_class.
Hope this helps.
Aaron
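The following is an added, offline model of the combined rule's decision, not part of Aaron's post and not iRule code: it is a Python stand-in that evaluates the same boolean (URI starts with a protected prefix AND client address is not in the internal class) over constructed sample traffic, so the allow/drop matrix can be checked without a BIG-IP. The two datagroup names come from the post; their contents and the sample requests are constructed for the example. It also shows two properties a practitioner would want to confirm before deploying: an empty internal class drops every protected request (fail closed), and the prefix test is a plain case-sensitive comparison on the URI as the client sent it, so "/Admin" does not match a "/admin" entry.

```python
"""Offline model of the combined iRule's allow/drop decision (added example, not from the post)."""
import ipaddress
from typing import Iterable, List, Optional, Tuple

# Constructed stand-ins for the two datagroups the post asks the reader to create.
# Address datagroups hold host and network entries; string datagroups hold prefixes.
INTERNAL_HOSTS_NETWORKS_CLASS = ["10.0.0.0/8", "192.168.10.0/24", "203.0.113.7", "2001:db8::/32"]
MY_PROTECTED_URIS = ["/admin", "/manager/", "/internal-api"]


def client_is_internal(remote_addr: str, networks: Iterable[str]) -> bool:
    """Model of `matchclass [IP::remote_addr] equals $::internal_hosts_networks_class`.

    Address datagroups match by containment, so a single host entry and a CIDR
    entry both count; a bare host address is treated as a one-address network.
    """
    addr = ipaddress.ip_address(remote_addr)
    for entry in networks:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def uri_is_protected(uri: str, prefixes: Iterable[str]) -> bool:
    """Model of `matchclass [HTTP::uri] starts_with $::my_protected_uris`.

    A plain, case-sensitive prefix test on the URI exactly as the client sent it
    (query string included), so "/Admin" does not match a "/admin" entry.
    """
    return any(uri.startswith(p) for p in prefixes)


def should_discard(remote_addr: str, uri: str,
                   networks: Iterable[str] = INTERNAL_HOSTS_NETWORKS_CLASS,
                   prefixes: Iterable[str] = MY_PROTECTED_URIS) -> bool:
    """The combined rule's condition: protected URI AND client not in the internal class.

    Failure direction: with an empty internal class every protected request is
    dropped (fail closed) rather than let through.
    """
    return uri_is_protected(uri, prefixes) and not client_is_internal(remote_addr, networks)


def evaluate(requests: Iterable[Tuple[str, str, str]],
             networks: Iterable[str] = INTERNAL_HOSTS_NETWORKS_CLASS,
             prefixes: Iterable[str] = MY_PROTECTED_URIS) -> List[Tuple[str, Optional[str]]]:
    """Run the decision over (remote_addr, host, uri) tuples.

    Returns ("discard", log_line) or ("allow", None) per request; the log line is
    laid out the way the post's `log local0.` statement lays it out.
    """
    results: List[Tuple[str, Optional[str]]] = []
    for remote_addr, host, uri in requests:
        if should_discard(remote_addr, uri, networks, prefixes):
            results.append(("discard", f"client: {remote_addr} requested {host}{uri} and was dropped"))
        else:
            results.append(("allow", None))
    return results


if __name__ == "__main__":
    # Constructed sample traffic covering the cases the post walks through.
    sample = [
        ("198.51.100.5", "www.example.com", "/admin/users"),     # external, protected -> discard
        ("10.20.30.40", "www.example.com", "/admin/users"),      # inside the /8 -> allow
        ("192.168.11.1", "www.example.com", "/manager/html"),    # just outside the /24 -> discard
        ("203.0.113.7", "www.example.com", "/internal-api/v1"),  # single-host entry -> allow
        ("198.51.100.5", "www.example.com", "/index.html"),      # not a protected URI -> allow
        ("198.51.100.5", "www.example.com", "/Admin"),           # case differs from entry -> allow
    ]
    for (addr, host, uri), (decision, line) in zip(sample, evaluate(sample)):
        print(f"{decision:8} {addr:15} {host}{uri}" + (f"  [{line}]" if line else ""))
```

Run it as a script to print the decision for each constructed request; the last row is the one to look at if the protected paths can be reached under a differently cased spelling, since the rule as written will not catch that.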