Ignoring sessions example

The Ignore sessions policy shows two different methods of ignoring certain sessions.

The Ignore sessions policy contains two rules:
  • The first rule ignores sessions that meet specific criteria (client IP, server IP, and source program language). You can include specific criteria in a group.
  • The second rule ignores invisible binary traffic, for example, background encrypted SSL or TLS sessions, which are useless but can overload the sniffer. Setting the Packets limit to 50 on the IGNORE SESSION rule action means that a session is ignored if no query is encountered within its first 50 packets.
Rule 1:
  • Session level criteria:
    • Client IP address = 10.10.10.10
    • Server IP address = 20.20.20.20
    • Source application = JAVA%
  • Rule action = DISCARD SESSION
Rule 2:
  • Session level criteria: None
  • Rule action = IGNORE SESSION
    • Packets limit = 50

SR language example

SR_POLICIES
{
        IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
        {
                DISCARD_SESSION
        }
        IF (*)
        {
                IGNORE_SESSION PACKETS_LIMIT = 50
        }
}
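
The following Python sketch is an added illustration, not product code. It models the two rules so that you can preview which sessions would drop out of monitoring before you install the policy. It assumes that rules are evaluated in order with the first match winning, that `%` is a wildcard matching any run of characters, and that the comparison is case-sensitive. The `Session` record, the `MONITORED` label, and the sample sessions are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

PACKETS_LIMIT = 50  # value from Rule 2


@dataclass
class Session:  # constructed record type, not a product structure
    client_ip: str
    server_ip: str
    source_program: str
    first_query_packet: Optional[int]  # None = no query ever seen (e.g. opaque TLS)


def like(pattern: str, value: str) -> bool:
    # Assumption: '%' matches any run of characters; comparison is case-sensitive.
    regex = ".*".join(re.escape(p) for p in pattern.split("%"))
    return re.fullmatch(regex, value) is not None


def evaluate(s: Session) -> str:
    # Rule 1: every session-level criterion must match.
    if (s.client_ip == "10.10.10.10" and s.server_ip == "20.20.20.20"
            and like("JAVA%", s.source_program)):
        return "DISCARD_SESSION"
    # Rule 2: no criteria; ignored only if no query arrives within the limit.
    if s.first_query_packet is None or s.first_query_packet > PACKETS_LIMIT:
        return "IGNORE_SESSION"
    return "MONITORED"  # hypothetical label: session stays under inspection


SAMPLE = {  # constructed sessions
    "java_batch": Session("10.10.10.10", "20.20.20.20", "JAVAW.EXE", 3),
    "same_hosts_other_app": Session("10.10.10.10", "20.20.20.20", "SQLPLUS", 3),
    "opaque_tls": Session("10.10.10.11", "20.20.20.20", "", None),
    "query_at_limit": Session("10.10.10.12", "20.20.20.20", "PSQL", 50),
    "late_query": Session("10.10.10.12", "20.20.20.20", "PSQL", 51),
}


def outcomes() -> dict:
    return {name: evaluate(s) for name, s in SAMPLE.items()}


if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name:22} {result}")
```

In this model, only sessions that match all three criteria of Rule 1 are discarded, and a session whose first query arrives after packet 50 is no longer audited, which is worth checking against the slowest legitimate clients.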