yves_werniers_1
Oct 14, 2009Nimbostratus
class and v9.1.2
Hello,
It seems like the class command was introduced in v10.0, whereas matchclass was introduced in v9.0.
I am running v9.1.2. How can I cerate something classlike and use classmatch?
I want to limit connections to certain url/uri combinations based on the source ip address. I am using the X-Forwarded-For header because it is behind a reverse proxy.
This is the script I would like to use:
class hrmstest_uris {
"/hraccent/ess/client_prod"
"/hraccent/ess/login.php?company=client_prod"
"/hraccentops/ess/client_prod"
"/hraccentops/ess/login.php?company=client_prod"
}
when HTTP_REQUEST {
set my_uri [string tolower [HTTP::uri]]
if {[HTTP::host] == "www.host.com" and [matchclass $my_uri starts_with $::hrmstest_uris] } {
if { [HTTP::header X-Forwarded-For] != "ip1" and [HTTP::header X-Forwarded-For] != "ip2" and [HTTP::header X-Forwarded-For] != "ip3"}{
log local0. "\[request blocked\] : [HTTP::header X-Forwarded-For]"
drop
}
}
}