Raise ASM violation based on return JSON element value
I have a strange requirement to be able to shun (block connections from a source IP) for a fixed time period based on the number of times a certain value is returned to a JSON request (a return value against a parameter in the JSON response). I have been trying to do this by triggering an ASM violation for this pattern but its proving tricky.
The sample message for example would be:
http://rest.mydomain.com/mobileapp/mobile?action=DoSomething&Serial=111111111&typeid==1&RequestType=1111111
Response may be (this isn't well formed it just to illustrate the concept);
jsonCallbackData({"response":{"resultCode":"1112","resultType":"1111111"}}};
Logic I am trying to embed for example is something like should a source IP have a resultCode of 666 returned more that 10 times in 5 minutes raise a security violation (and block for a set period of time).
I have tried a variety of ideas, has any tackled a simular problem?
Thanks for your help