But the first request, in which the method is saved in the httpmethodprev variable, is not rejected.
Only the subsequent request is successfully rejected.

Can we count the number of keywords (e.g. GET, HEAD) and reject when one occurs more than once?
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      TCP::collect
   }
   when CLIENT_DATA {
      if { [llength [lsearch -all [TCP::payload] HEAD]] > 1 } {
         reject
         return
      }
      TCP::release
      TCP::collect
   }
}
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.17(47909) <-> 172.28.19.252(80)
1374923550.5707 (0.0007) C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:
HEAD /second HTTP/1.1
Host:
---------------------------------------------------------------
1 1374923550.5708 (0.0000) S>C TCP RST
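
A variant of the counting approach in the post above, as an added example that is not part of the original thread: it counts whole request lines with a line-anchored regular expression instead of searching the payload as a Tcl list, so a payload that is not a well-formed list does not raise an error and a bare word HEAD elsewhere in the headers is not counted. The method list and the log message are assumptions.

```tcl
# Added example, not from the original post.
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    # -line makes ^ and $ match at every line boundary, and -all returns the
    # number of matches. \r?$ accepts both CRLF and bare LF line endings.
    # The list of methods is an assumption; extend it to what the pool serves.
    set reqlines [regexp -all -line -- \
        {^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?$} \
        [TCP::payload]]

    if { $reqlines > 1 } {
        # More than one request line arrived in the same collected payload.
        log local0. "rejecting [IP::client_addr]: request lines in payload = $reqlines"
        reject
        return
    }

    # Caveats:
    #  - a request body that contains a line shaped like a request line is
    #    counted too, so uploads of raw HTTP text can trigger a reject;
    #  - only requests that arrive in the same CLIENT_DATA event are counted
    #    together, because the payload is released after each check.
    TCP::release
    TCP::collect
}
```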