Hi,
I’m wondering, does Layer-7 filtering really work?
I have a server which serves some specific requests only. There is no need for anyone to connect to it. But for some reason there are a lot of people who try to get something from the server. All right requests should contain one pattern. If at least the first request (GET) contains this pattern, it’s the right client and should be allowed forever. If not, denied forever.
I tried to build such a construction, but it doesn’t work. I tried many times with the right pattern, but I was always sent to the deny list, never allowed. I tried to write the regex in many ways; nothing works. Here is part of the config:
/ip firewall layer7-protocol
add name=RightRequest regexp="rightstring"
/ip firewall filter
…
# send everything going to the server's port 80 into its own chain
add action=jump chain=forward dst-address=192.168.x.x dst-port=80 jump-target=Tohttp protocol=tcp
…
# sources already classified
add action=accept chain=Tohttp src-address-list=Allowhttp
add action=drop chain=Tohttp src-address-list=Denyhttp
# classify by the layer-7 match on the request
add action=add-src-to-address-list address-list=Allowhttp address-list-timeout=none-dynamic chain=Tohttp comment="Add to Allow" layer7-protocol=RightRequest
add action=add-src-to-address-list address-list=Denyhttp address-list-timeout=none-dynamic chain=Tohttp comment="Add to Deny" layer7-protocol=!RightRequest
…
Can anybody help with it?
Best Regards,
Ugis
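Editor's note with an added example; this is not the poster's configuration and not an official MikroTik answer. It keeps the same list names, chain and pattern as the post and changes one thing: the deny rule is only evaluated on packets that carry data. The reasoning, stated as the editor's reading of RouterOS behaviour rather than something the post confirms: the layer-7 engine classifies a connection by collecting its first packets (RouterOS documents a limit of 10 packets or 2 KB) and looking for the pattern in that data. The TCP handshake packets (SYN, then the bare ACK) carry no payload, so on those packets `RightRequest` cannot match yet, while the negated matcher `!RightRequest` does match, and the client's address lands in Denyhttp before its GET has even been sent. Every later packet then hits the drop rule, which fits the symptom described above. The example assumes RouterOS 6.x firewall syntax, that the server address placeholder `192.168.x.x` from the post is replaced with the real address, and that a valid client's first request is a short GET whose `rightstring` fits in its first data segment (the `tcp-flags=psh` matcher is used as the "packet has payload" condition, which is an assumption that holds for single-segment requests).

```routeros
# Added example (editor's), not the original poster's config.
# Assumes RouterOS 6.x syntax; 192.168.x.x is a placeholder copied from the post.
/ip firewall layer7-protocol
add name=RightRequest regexp="rightstring"

/ip firewall filter
# Hand client->server traffic for the HTTP server to its own chain. The jump
# happens in forward, so the L7 engine sees each connection from its first packet.
add action=jump chain=forward dst-address=192.168.x.x dst-port=80 protocol=tcp jump-target=Tohttp

# A decision already taken for this source wins, in either direction.
add action=accept chain=Tohttp src-address-list=Allowhttp comment="Already allowed"
add action=drop   chain=Tohttp src-address-list=Denyhttp  comment="Already denied"

# Allow as soon as the pattern is seen anywhere in the collected data.
add action=add-src-to-address-list address-list=Allowhttp address-list-timeout=none-dynamic \
    chain=Tohttp layer7-protocol=RightRequest comment="Add to Allow"

# Deny only on a packet that actually carries request data (assumption: PSH set
# on payload segments). Without this condition the rule fires on the handshake,
# where no pattern could have matched yet, and every client is denied.
add action=add-src-to-address-list address-list=Denyhttp address-list-timeout=none-dynamic \
    chain=Tohttp protocol=tcp tcp-flags=psh layer7-protocol=!RightRequest comment="Add to Deny"
```

Order matters: the allow rule must sit above the deny rule so that, on the data packet that contains the pattern, the source is added to Allowhttp first and the negated matcher then evaluates false for the same packet. To check the result, test from a connection that starts after the rules exist (connections tracked before the L7 rule was added are never classified), then look at `/ip firewall filter print stats` to see which rule counted the packet and `/ip firewall address-list print` to see which list the client landed in. The remaining caveat is the one the assumption above names: a client whose request is split so that `rightstring` only arrives in a second data segment would still be denied on the first one, so the pattern should be something that appears at the start of the request, such as part of the request line.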