Ignoring sessions example
The Ignore sessions policy shows two different methods of ignoring certain sessions.
The Ignore sessions policy contains two rules:
- The first rule ignores sessions that meet specific criteria (client IP, server IP, and source program language).
You can include specific criteria in a group.
- The second rule ignores invisible binary traffic, for example background encrypted SSL or TLS sessions, which is useless but can overload the sniffer. Setting the Packets limit to 50 on the IGNORE SESSION rule action means that if no query is seen within the first 50 packets of a session, the session is ignored.
Rule 1:
- Session level criteria:
  - Client IP address = 10.10.10.10
  - Server IP address = 20.20.20.20
  - Source application = JAVA%
- Rule action = DISCARD SESSION
Rule 2:
- Session level criteria: None
- Rule action = IGNORE SESSION
  - Packets limit = 50
SR language example
SR_POLICIES
{
    IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
    {
        DISCARD_SESSION
    }
    IF (*)
    {
        IGNORE_SESSION PACKETS_LIMIT = 50
    }
}
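To check which sessions this policy removes from monitoring, the following Python model evaluates the two rules over constructed sessions. It is an added example, not code from the product or its documentation. It assumes rules are checked in order with the first match winning, that `%` is a LIKE-style wildcard, and that matching is case-sensitive; the `Session` class and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

PACKETS_LIMIT = 50  # from Rule 2 on this page


@dataclass
class Session:  # hypothetical model of a sniffed database session
    client_ip: str
    server_ip: str
    source_program: str
    first_query_packet: Optional[int]  # None = no query ever seen


def like(pattern: str, value: str) -> bool:
    """Assumed semantics: '%' matches any run of characters, as in SQL LIKE."""
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    return re.fullmatch(regex, value, re.DOTALL) is not None


def evaluate(s: Session) -> str:
    # Rule 1: all three session-level criteria must match.
    if (s.client_ip == "10.10.10.10" and s.server_ip == "20.20.20.20"
            and like("JAVA%", s.source_program)):
        return "DISCARD_SESSION"
    # Rule 2: IF (*) matches every session; it is ignored only when no
    # query shows up within the first PACKETS_LIMIT packets.
    if s.first_query_packet is None or s.first_query_packet > PACKETS_LIMIT:
        return "IGNORE_SESSION"
    return "MONITORED"


def unmonitored(sessions):
    """Return (session, action) pairs that drop out of monitoring."""
    results = [(s, evaluate(s)) for s in sessions]
    return [(s, a) for s, a in results if a != "MONITORED"]


# Constructed sample sessions, not real traffic.
SAMPLES = [
    Session("10.10.10.10", "20.20.20.20", "JAVA.EXE", 3),
    Session("10.10.10.11", "20.20.20.20", "JAVA.EXE", 3),
    Session("10.10.10.12", "20.20.20.20", "SQLPLUS", None),
    Session("10.10.10.12", "20.20.20.20", "PSQL", 50),
    Session("10.10.10.12", "20.20.20.20", "PSQL", 51),
]

if __name__ == "__main__":
    for s, action in unmonitored(SAMPLES):
        print(action, s)
```

Reviewing the `unmonitored` output against expected application traffic is a quick way to confirm that the Rule 1 criteria are as narrow as intended before the policy is installed.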