Hi,
I´m trying to validate a sec context with a perl function and writing an
output message in a a file using the assign variables in the string. I´m
using SEC 2.6.2. Can i use the variable from the varmap or i have to use
the context to pass the variable through the sec context?
________________________________________________________________________________
Perl Function(This function search if "elemento" is a part of hash key).
SecBlacklist.pm-->This file is loaded in the beginning and contains other
functions.
________________________________________________________________________________
sub contieneElemento{
my($elemento)=@_;
my($rep)=0;
for my $key (keys %ip){
if (index($key,$elemento)!= -1){
$rep=1;
}
}
return $rep;
}
1;
________________________________________________________________________________
The varmap alert is passed from other file with a Jump rule using a varmap.
I want to pass the url parameter to the perl function to be the url
validated in the method.
rules.conf
________________________________________________________________________________
#Varmap:
type = Jump
ptype = RegExp
desc = $0
continue = Takenext
pattern = Url:(.*)\sClient:(.*)
varmap = alert;url=1;client_ip=2
cfset=alertParam
alert.conf
________________________________________________________________________________
type = Options
joincfset = alertParam
procallin = no
type = Single
continue= TakeNext
desc = -
ptype = Cached
pattern = SEC_STARTUP|SEC_RESTART()
action = assign %category_Alert (Log); \
assign %summary_Alert (Alert: Blacklist);
type = Single
ptype = Cached
desc =ip_$+{client_ip}
context= $+{url} -> (sub { SecBlacklist::contieneElemento($_[0])==1} )
pattern = alert
continue=TakeNext
action = write C:\Alerts.log "Context OK!!!"
I´ve read the manual and i tried also like this:
context= $+{url} -> (sub { SecBlacklist::contieneElemento($_[0])==1} )
context= alert :> (sub { SecBlacklist::contieneElemento($_[0]->{'url'})==1}
)
context= alertParam :> (sub {
SecBlacklist::contieneElemento($_[0]->{'url'})==1} )
Thank you in advance Risto!.
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
