Using session-level and advanced session-level policies

Use session-level policies or advanced session-level policy scripts to validate incoming packets and define actions based on the result. This guide describes the criteria, actions, and other elements available for creating session level policies and advanced session level policies.

In the SR language examples, you can map the parameters (that is, parameter = variable) directly to most UI examples. Take for example the following SR language snippet:
SR_POLICIES
{
        IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
        {
                IGNORE_SESSION
        }
        IF (*)
        {
                IGNORE_SESSION PACKETS_LIMIT = 50
        }
}
  • CLIENT_IP criteria in the SR language maps to Client IP address in the UI
  • SERVER_IP maps to Server IP address.
  • SOURCE_PROGRAM maps to Source application.
In addition, the { IGNORE_SESSION } code in the SR language maps to the IGNORE SESSION rule action in the UI.

In this guide, you can find the mappings between the SR language and UI elements.

In the guide, the UI name is generally on the left, and the SR language name is on the right. The SR language name is shown in parentheses. For example, looking at search parameters:
Request types available for actions with search parameters:

    LOGIN FAILED (LOGIN_FAILED)
    PREPARED STATEMENT (PREP_STAT)
    RPC (RPC)
    SQL (SQL)
    SQL ERROR (SQL_ERROR)
    SQL SUCCESS (SQL_SUCCESS)
LOGIN FAILED in the UI maps to LOGIN_FAILED in the SR language, PREPARED STATEMENT in the UI maps to PREP_STAT in the SR language.