Skip to main content

Session agent reference

Session agent reference

Custom drop rules

This topic documents the configuration options specific to SessionAgent DataDrop. These options should be placed in the configuration file of the capture source.

In addition to the pre-configured drop rules, you can define up to 100 custom rules that select hits to drop. To define a rule, add a Drop rule to the configuration section, as in the following example:


Drop1=reqfield url contains /company/\

The DataDrop session agent loads rules Drop1 through Drop100 and evaluates them in that order.

You can specify the following types of rules.

  • REQFIELD rules match the values of fields in the request buffer. See REQFIELD rules.
  • REQSECTION rules test for the existence of text in a specified section of the request buffer. See REQSECTION rules.
  • REQUEST and RESPONSE rules test for the existence of text in the request or response buffers, respectively. See REQUEST and RESPONSE rules.

REQFIELD rules

These rules are in the following format: 

REQFIELD NAME OPERATOR TEXT MODIFIER

where:

  • NAME is the case-sensitive name of the field variable you want to examine.
  • OPERATOR is one of the following operators: 
    
CONTAINS EQ GE GT LE LT NE PARTOF
Operator Description
CONTAINS field value contains TEXT value. e.g. URL value contains .asp.
EQ field value equals TEXT value
GE (numeric fields only) field value is greater than or equal to TEXT value
GT (numeric fields only) field value is greater than TEXT value
LE (numeric fields only) field value is less than or equal to TEXT value
LT (numeric fields only) field value is less than TEXT value
NE (numeric fields only) field value is not equal to TEXT value
PARTOF field value is one entry in the list of TEXT values. Values must be semicolon-separated. For example, the state abbreviation CA is a subset of the list CA;OR;WA;HI;AK.
Note: Matches are entire string matches. Partial matches are not supported.

You can negate the above operators with NOT. For example:


NOT CONTAINS
NOT GE
  • TEXT is the text you want to use with the operator.
  • MODIFIER is an optional keyword that tells the operators to ignore or match the case of the field value and text. For example: 
    
REQFIELD remote_host EQ server1 IGNORECASE
REQFIELD remote_host EQ ExactServer MATCHCASE
  • If you do not specify MODIFIER, then the operators ignore the case of the letters in the value and text.

To include spaces in the name or text, surround the name or text with quotation marks. For example:


reqfield "name with spaces" contains "text with spaces"

If both the field value and the text can be evaluated as numbers, then the following operators perform numeric tests:


EQ GE GT LE LT NE

Otherwise, both the value and text are treated as text.

REQSECTION rules

These rules have the following format:


REQSECTION NAME CONTAINS TEXT MODIFIER

where:

  • NAME Name of the section you want to search.
  • TEXT is the text for which you are looking.

    This value may also be a delimited list.

  • MODIFIER The same optional keyword as in REQFIELD.

You can negate the CONTAINS operator with NOT. For example:


REQSECTION env NOT CONTAINS 10.20.40.50

REQUEST and RESPONSE rules

These rules have the following forms:


REQUEST CONTAINS TEXT MODIFIER
RESPONSE CONTAINS TEXT MODIFIER

where:

  • TEXT is the text for which you are looking.

    This value may also be a delimited list.

  • MODIFIER is the same optional keyword as in REQFIELD.

You can negate the CONTAINS operator with NOT. For example:


RESPONSE NOT CONTAINS "something went wrong"

Related articles

community icon

Join the community

Ask questions, share best practices, and connect with fellow marketers.

Ask a question

Academy

Read how-to articles, guides, and more to help you on the path to success.

Learn more