Forum Discussion
Kevin_Stewart
Jul 10, 2014Employee
Data groups don't really support wildcard matching, so you'd necessarily need an if/switch tree for the URI patterns, but then you can absolutely use a data group for the IP list. Try this:
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] starts_with "/blah" } {
switch -glob [string tolower [HTTP::uri]] {
"/blah/blah1*" {
log local0. "blah1"
do something
}
"/blah/blah2*" {
log local0. "blah2"
do something
}
"/blah/blah3/*" {
log local0. "blah3/"
do something
}
"/blah/blah3*" {
log local0. "blah3"
do something
}
"/blah/blah4/*/foo1/foo2*" {
log local0. "blah4/foo"
do something
}
"/blah/blah4/*" {
log local0. "blah4/"
do something
}
"/blah/blah5/blah6-*" {
log local0. "blah5/6"
do something
}
default {
log local0. [IP::client_addr]
if { [class match [IP::client_addr] equals my_ip_list] } {
do something
}
}
}
} else {
if { [class match [IP::client_addr] equals my_ip_list] } {
do something
}
}
}