Topic: Responder policy assistance

lbeng (Contributor)
Responder policy assistance
« on: June 19, 2010, 03:34:04 AM »
I am trying to create a responder policy that will restrict access to a vserver using a list of networks. If a source IP is not included in this list the action will be to respond with a 404 message.

add responder action resp-action-1 respondwith q{"HTTP/1.1 404 NOT FOUND\r\n"}

add responder policy resp-pol-1 "CLIENT.IP.SRC.IN_SUBNET(10.192.168.0/24)&&CLIENT.IP.SRC.IN_SUBNET(100.101.0.0/16).NOT && HTTP.REQ.HOSTNAME.CONTAINS("www.test123.com")" resp-pol-1

This does not seem to be functioning as expected. Any ideas?

evildani (Administrator)
Re: Responder policy assistance
« Reply #1 on: July 08, 2010, 01:17:53 AM »
You need to use the OR operator between the Subnets, since you cannot be in two subnets at the same time.
Hope this bit of advice helps...

Daniel

jmelika (Administrator)
Re: Responder policy assistance
« Reply #2 on: July 08, 2010, 01:43:25 AM »
The two IP cases in your policy definitely don't go together.  If in subnet 10.192.168.0/24, then you're already NOT in 100.101.0.0/16.  Are you getting any hits to the policy?  Trying to figure out if the issue is with the policy or the action.

Also, it looks like you're binding the policy to itself, not to the action.  See that very last part of your policy?  It's resp-pol-1.  It should be resp-action-1.

Paul B
Re: Responder policy assistance
« Reply #3 on: July 09, 2010, 07:11:59 PM »

add responder policy resp-pol-1 "CLIENT.IP.SRC.IN_SUBNET(10.192.168.0/24)&&CLIENT.IP.SRC.IN_SUBNET(100.101.0.0/16).NOT && HTTP.REQ.HOSTNAME.CONTAINS("www.test123.com")" resp-pol-1
Guys, there's a single "NOT" in there, confusing things; I think there should be 2 NOTs. Also the "" marks in the URL must be escaped with \, and the action needs correcting:

add responder policy resp-pol-1 "CLIENT.IP.SRC.IN_SUBNET(10.192.168.0/24).NOT && CLIENT.IP.SRC.IN_SUBNET(100.101.0.0/16).NOT && HTTP.REQ.HOSTNAME.EQ(\"www.test123.com\")" resp-action-1

"If it's NOT in subnet1 AND it's NOT in subnet2 AND it IS the matching URL then give the 404".... that sounds about right to me
paul
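Added example, not from any of the posters above: the three policy variants in this thread (the original, Paul B's two-NOT version, and evildani's OR form) written as plain Python predicates using the standard `ipaddress` module, run over a few constructed requests so the logic error is visible without a NetScaler. The subnets and hostname are the ones from the thread; the sample source addresses and Host headers are constructed for illustration.

```python
"""Reference evaluation of the responder-policy logic discussed in this thread.

Each rule mirrors the NetScaler expression term for term, then all three are
run over a handful of constructed requests so the difference is visible.
"""
import ipaddress

# The two networks the original poster wants to allow, and the site hostname.
NET_A = ipaddress.ip_network("10.192.168.0/24")
NET_B = ipaddress.ip_network("100.101.0.0/16")
HOST = "www.test123.com"


def in_subnet(src, net):
    """CLIENT.IP.SRC.IN_SUBNET(net)"""
    return ipaddress.ip_address(src) in net


def original_rule(src, hostname):
    """The policy as first posted:
    IN_SUBNET(A) && IN_SUBNET(B).NOT && HTTP.REQ.HOSTNAME.CONTAINS(host)
    A and B are disjoint, so IN_SUBNET(B).NOT is always true whenever
    IN_SUBNET(A) is; the rule collapses to IN_SUBNET(A) && CONTAINS(host),
    i.e. it fires for exactly the clients that were meant to be allowed.
    """
    return in_subnet(src, NET_A) and not in_subnet(src, NET_B) and HOST in hostname


def corrected_rule(src, hostname):
    """Paul B's version:
    IN_SUBNET(A).NOT && IN_SUBNET(B).NOT && HTTP.REQ.HOSTNAME.EQ(host)
    """
    return (not in_subnet(src, NET_A)) and (not in_subnet(src, NET_B)) and hostname == HOST


def or_form_rule(src, hostname):
    """evildani's suggestion written out as (IN_SUBNET(A) || IN_SUBNET(B)).NOT.
    By De Morgan this is the same predicate as corrected_rule for the IP part.
    """
    return (not (in_subnet(src, NET_A) or in_subnet(src, NET_B))) and hostname == HOST


# Constructed sample requests (source IP, Host header); not captured traffic.
SAMPLE_REQUESTS = [
    ("10.192.168.5", "www.test123.com"),                  # inside allowed net A
    ("100.101.7.8", "www.test123.com"),                   # inside allowed net B
    ("203.0.113.9", "www.test123.com"),                   # outsider, should get the 404
    ("203.0.113.9", "www.test123.com.attacker.example"),  # outsider, CONTAINS-style host
    ("203.0.113.9", "other.example"),                     # outsider, different Host header
]


def blocked_by(rule):
    """Return the (src, host) pairs for which `rule` fires, i.e. gets the 404."""
    return [(src, host) for src, host in SAMPLE_REQUESTS if rule(src, host)]


if __name__ == "__main__":
    for rule in (original_rule, corrected_rule, or_form_rule):
        print(rule.__name__)
        for src, host in SAMPLE_REQUESTS:
            verdict = "404" if rule(src, host) else "pass"
            print(f"  {src:16} {host:36} -> {verdict}")
```

Running it shows the original rule answering 404 to the 10.192.168.0/24 client and passing every outsider, so the allow-list was inverted, while the two-NOT and OR forms block only the outsider. The last sample request is the caveat worth keeping in mind: because the expression is qualified by the hostname, a request from an outside address that carries a different Host header is not answered by this policy at all, so if the whole vserver is meant to be restricted, drop the hostname term and bind the policy to that vserver alone. CLIENT.IP.SRC is the TCP peer address, so behind another proxy or load balancer it is that device's address, not the end user's. Finally, the action as posted ends after the status line; a complete HTTP response terminates its header block with a blank line (`\r\n\r\n`), otherwise the client may keep waiting for headers.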