Groups
Groups are combinations of parameters that can be used in rule conditions.
Multiple groups can be used in one rule.
Session level policy groups are defined like any other policy group using the Policy builder for data.
Advanced session-level policy groups are defined using the SR language as shown in the following examples.
Note:
- To specify a group within the policy, include one element of the group followed by the group ID. In the following example, admin is one of the elements in group 1. Specify the remaining group elements at the end of the policy.
- Group contents are always put at the end of policy snippets.
Example:
SR_POLICIES
{
IF (DB_USER != ('admin',1)) { VERDICT_ATTACH }
GROUP_ID = 1 SIZE = 3 { 'root' 'sys' 'system' }
}
In this example, the condition includes DB_USER, admin, and all users from GROUP_ID = 1. IF (*) represents no condition.
Example:
SR_POLICIES
{
IF (CLIENT_IP != '192.168.0.1' DB_USER = 'SCOTT' ) { VERDICT_ATTACH SELECT_SESSION }
IF (CLIENT_IP != ('192.168.0.2',176) DB_USER = 'SCOTT' ) { VERDICT_DETACH }
IF ( CLIENT_IP != '192.168.0.3' DB_USER = ('',177) ) { VERDICT_TERMINATE }
IF (*) { IGNORE_SESSION PACKETS_LIMIT = 30 }
IF (*) { TRANSFORM_SOURCE_PROGRAM MATCH_PATTERN = '' OUTPUT_FORMAT = 'SPECIAL JDBC'}
GROUP_ID = 176 TYPE = IP_ADDRESS SIZE = 8
{
'192.168.0.2' '192.168.0.3' '192.168.0.4'
'192.168.0.5' '192.168.0.6' '192.168.0.7'
'192.168.0.8' '192.168.0.9'
}
GROUP_ID = 177 SIZE = 2 { 'LEONID' 'SA' }
}
In this example, the groups represent different data types and '' represents no condition.
LIKE and NOT LIKE operator for groups
In the SR language used for advanced session-level policies, groups support the LIKE and NOT LIKE operators to search for wildcard values.
Example:
SR_POLICIES
{
IF (CLIENT_IP NOT LIKE ('192.168.0.2',176) DB_USER = 'SCOTT' ) { VERDICT_DETACH }
IF ( CLIENT_IP != '192.168.0.3' DB_USER LIKE ('',177) ) { VERDICT_TERMINATE }
GROUP_ID = 176 TYPE = IP_ADDRESS SIZE = 2
{
'192.168.%' '192.168.%'
}
GROUP_ID = 177 SIZE = 2 { 'LEON%' 'SA%' }
}
CIDR notation is supported for LIKE and NOT LIKE groups.
Examples:
- 192.168.1% matches any IP starting with 192.168.1.
- 2002:0920:C000:3146% matches any IP starting with 2002:0920:C000:3146.
- 192.168.128.1/17 has the binary mask 11111111 11111111 10000000 00000000 (similar to a subnet mask of 255.255.128.0) and allows 32K-2 hosts in the subnet (15 bits for the hosts).
- 2002:0920:C000:3146::0/61 has the binary mask 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 and allows 2^67 hosts on subnet 2002:0920:C000:3146::0/61.
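The LIKE semantics described above (a '%' wildcard plus CIDR membership) and the (element, GROUP_ID) reference form, written out as an added Python reference matcher that is not part of Guardium or of this page. The group contents are copied from the examples above; the function names like, in_group_like and verdict, the dict holding the groups, and case-sensitive string matching are this example's own assumptions.

```python
import ipaddress
import re

# Group contents taken from the examples above; holding them in a dict is this example's own choice.
GROUPS = {
    176: ["192.168.1%", "192.168.128.1/17", "2002:0920:C000:3146::0/61"],
    177: ["LEON%", "SA%"],
}

def like(value, pattern):
    """LIKE as described above: '%' matches any run of characters, and a pattern
    containing '/' is a CIDR block matched by address membership.
    Assumption: plain string matching is case-sensitive."""
    if "/" in pattern:
        try:
            # strict=False because examples such as 192.168.128.1/17 carry host bits.
            network = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(value) in network
        except ValueError:
            return False  # value is not an IP address, or the pattern is not valid CIDR
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    return re.fullmatch(regex, value) is not None

def in_group_like(value, element, group_id):
    """Evaluate value LIKE (element, group_id): the inline element or any group
    member may match; an empty element ('') adds no condition of its own."""
    candidates = [element] + GROUPS[group_id]
    return any(like(value, p) for p in candidates if p != "")

def verdict(session):
    """Apply the two LIKE / NOT LIKE rules from the example above, in order;
    the first rule whose condition holds decides."""
    ip, user = session["CLIENT_IP"], session["DB_USER"]
    if not in_group_like(ip, "192.168.0.2", 176) and user == "SCOTT":
        return "VERDICT_DETACH"
    if ip != "192.168.0.3" and in_group_like(user, "", 177):
        return "VERDICT_TERMINATE"
    return None  # no rule matched

if __name__ == "__main__":
    # Constructed sessions: one from outside every group-176 range, one from inside the /17.
    for s in ({"CLIENT_IP": "10.1.2.3", "DB_USER": "SCOTT"},
              {"CLIENT_IP": "192.168.200.7", "DB_USER": "SCOTT"}):
        print(s["CLIENT_IP"], s["DB_USER"], "->", verdict(s))
```

Note that the '%' form is a textual prefix, so 192.168.1% also matches 192.168.10.5 and 192.168.100.5; use CIDR when a match must respect octet boundaries.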
Note: For session-level policies created using the policy builder, use the following keywords to have a UI group considered as LIKE or NOT LIKE by default:
- &#like:yes
- &#like:no