Example 1
This simple example shows sessioning on one REQ buffer field USERID
, which can
be a maximum of 32 bytes long.
Since there is no REQFilterTCL parameter, all hits are subject to sessioning. From analysis of the USERID field, the USERID was determined to be in GUID format, so the default hash key (bytes 5 through 8) of USERID is used.
[TLSessioning]
TypeName=TLSessioning
DLL=SessionAgentRulesEngine.dll
DownStreamConfigSection=Null
ResponseType=All
EnvironmentScript=EngineEnvironment.tcl
ActionScript=TLSessioning.Action.tcl
PreProcScript=TLSessioning.PreProc.tcl
MaxSessions=10000
PrimarySessField=USERID
PrimaryLooseStrict=Strict
PrimaryMaxFieldLen=32
Example 2
Example 2 is a slight elaboration on example 1, using JSESSIONIDs. Only hits where TealeafPassiveCapture2 is the CaptureSource are used.
Examination of some JSESSIONID examples reveals the following:
JSESSIONID=0000NMkvrBPJZ_CDI6uwIGn2mc5:-1
JSESSIONID=0000Fnvv6ZSGhoYwYYGnhO0o9uP:-1
JSESSIONID=0000RxQRv-FOyXbf_HqSo8sgE9t:-1
JSESSIONID=0000h9fQp-aVTadt7TAw4IksSXP:-1
JSESSIONID=0000BvLWMKVi8qNs8G6OC12tF8V:-1
JSESSIONID=0000b3N00Y8Af0Miv54CkeijtTL:-1
Bytes 5 through 27 are the sessioning field, and bytes 5 through 9 are the hash key.
The appropriate configuration is the following:
[TLSessioning]
TypeName=TLSessioning
DLL=SessionAgentRulesEngine.dll
DownStreamConfigSection=Null
ResponseType=All
EnvironmentScript=EngineEnvironment.tcl
ActionScript=TLSessioning.Action.tcl
PreProcScript=TLSessioning.PreProc.tcl
MaxSessions=10000
REQFilterTCL=string equal "TealeafPassiveCapture2" \
[REQBufVal "CaptureSource"]
PrimarySessField=JSESSIONID
PrimaryLooseStrict=Strict
PrimaryMaxFieldLen=32
PrimarySessFieldMaskOFF=4 26
PrimaryHashKeyOFF=4 8