Payload inspection sample 3: substitute request payloads when url matches

by lix 04-01-2014 04:50 PM - edited 04-02-2014 03:46 PM

Tested with Brocade ServerIron ADX : Yes

Description :

If the request URL matches "index", the ADX inspects the request payload content. When text in the payload matches any of the patterns 'Stanford Digital Library', 'AOLs premium-video-services', or 'The technology in RankDex would be patented and used later when Li founded Baidu in China.Convinced that the pages with the most', the ADX substitutes the matched pattern with the target words directly in the request payload. With OS_PAYLOAD_INSPECT::substitute, no extra event is triggered.

use OS_SLB;
use OS_HTTP_REQUEST;
use OS_PAYLOAD_INSPECT;

# Handler for the HTTP request event.
sub HTTP_REQUEST {
    my $url = OS_HTTP_REQUEST::url;

    print "Request url is: $url\n";

    # Unanchored match: any URL that contains "index" enables payload substitution.
    if ( $url =~ /index/ ) {
        # Arguments are (pattern, replacement) pairs.
        OS_PAYLOAD_INSPECT::substitute('Stanford Digital Library',' ========= REPLACED Metcalfe pursued TO VERY LONG STRING FOR TESTING SERVERIRON ADX - OPEN SCRIPT PAYLOAD INSPECT API ========= ',
                                       'The technology in RankDex would be patented and used later when Li founded Baidu in China.Convinced that the pages with the most',' @@@ WIRED NETWORKING @@@ ',
                                       'AOLs premium-video-services',' === CHANGED TO SMALL === ');
    }

    # Forward the request; 111 is the ID used in this sample.
    OS_SLB::forward(111);
}
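
An added example, not part of the original post: a plain-Perl dry run of the script's URL gate and pattern/replacement pairs over constructed requests, to check which URLs trigger rewriting and how the body changes before the script is bound on the ADX. The OS_* modules are not available off the device, so substitution is emulated; literal, replace-all matching is an assumption, and `url_matches`, `substitute_pairs` and the sample requests are hypothetical.

```perl
#!/usr/bin/perl
# Offline dry run of the URL gate and pattern/replacement pairs from the script
# above. The OS_* modules exist only on the ADX, so substitution is emulated.
# ASSUMPTION: patterns are literal strings and every occurrence is replaced.
use strict;
use warnings;

# Pattern => replacement pairs (first replacement shortened for this example).
my @PAIRS = (
    'Stanford Digital Library'    => ' === REPLACED === ',
    'AOLs premium-video-services' => ' === CHANGED TO SMALL === ',
);

# Same unanchored test as the script: true if "index" appears anywhere.
sub url_matches { my ($url) = @_; return $url =~ /index/ ? 1 : 0 }

# Apply each pair in order; return the new payload and the number of hits.
sub substitute_pairs {
    my ($payload, @pairs) = @_;
    my $hits = 0;
    while (my ($pat, $rep) = splice(@pairs, 0, 2)) {
        $hits += () = $payload =~ /\Q$pat\E/g;   # count literal occurrences
        $payload =~ s/\Q$pat\E/$rep/g;           # replace them all
    }
    return ($payload, $hits);
}

# Constructed sample requests: [url, body].
my @requests = (
    ['/index.html',        'q=Stanford Digital Library&v=AOLs premium-video-services'],
    ['/search?next=index', 'q=Stanford Digital Library'],  # query string also matches
    ['/login',             'q=Stanford Digital Library'],  # gate not hit, body untouched
);

for my $req (@requests) {
    my ($url, $body) = @$req;
    my ($new, $hits) = url_matches($url)
        ? substitute_pairs($body, @PAIRS)
        : ($body, 0);
    printf "%-20s hits=%d length %d -> %d\n  %s\n",
        $url, $hits, length($body), length($new), $new;
}
```

The second sample request shows that the unanchored `/index/` test also fires when "index" appears only in the query string.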

 
