AppExpert

Configuring a data set

To configure a data set, you must specify the strings that server as a pattern, assign a type (number, IPv4 address, or IPv6 address) and configure the dataset range. You can manually assign a unique index value to the pattern, or you can allow the index values to be assigned automatically. Dataset is not related to HTTP or any 7 layer protocol. It works only on text or string. There are different types of dataset such as NUM, ULONG, IPv4, IPv6, MAC, DOUBLE. You can select a type and define the dataset range based on the specified type.

Note:

Policy data sets are case sensitive (unless you specify the expression to ignore case). Therefore, the MAC address ff:ff:ff:ff:ff:ff for example, is not the same as the MAC address FF:FF:FF:FF:FF:FF.

The rules applied for index values of data sets are similar to pattern sets. For information about index values, see Configuring a Pattern Set.

To configure a data set

You must complete the following steps to configure a data set:

  1. Add a policy dataset
  2. Bind pattern to a policy dataset
  3. Add a policy expression
  4. Verify the policy configuration

Add a policy dataset

At the command prompt, do the following:

add policy dataset <name> <type>

Example:

add policy dataset ds1 ipv4 -comment numbers

Bind a pattern to the data set

At the command prompt, type:

bind policy dataset <name> <value> [-index <positive_integer>] [-endRange <string>] [-comment <string>]

Example:

bind policy dataset ds1 1.1.1.1 endRange 1.1.1.10 -comment short description about the pattern bound to the data set

Note:

You must repeat this step for all the patterns you want to bind to the data set. You can bind only up to 5000 patterns to a dataset.

And, a dataset range must not overlap with other ranges bound to a dataset and cannot include single values bound to the dataset. If you bind a dataset with an overlapping range results in an error.

Example:

add policy dataset ip_set ipv4
 Done
bind policy dataset ip_set 2.2.2.25
 Done
bind policy dataset ip_set 2.2.2.20 -endRange 2.2.2.30
ERROR: The range overlaps an existing range or includes a value bound to the dataset.

A value is considered to be in the dataset if it is either equal to a single value bound to the data set or is between the lower-value and upper-value (lower-value <= value && value <- upper-value), for a range bound to the data set.

Use policy expression in a policy data set

At the command prompt, type:

add policy expression exp1 http.req.body(100).contains_any("ds1")

Where, The expression checks whether there is any pattern (or pattern within the range) bound to the dataset ds1 is present in the first 100 bytes of the HTTP request body.

Verify dataset configuration

At the command prompt, type:

show policy dataset ds1 > show policy dataset ds1

Example:

       Dataset:        ds1
        Type:   IPV4
1)      Bound Dataset Range from: 1.1.1.1       through: 1.1.1.10       Index:  1

To configure a data set by using the configuration utility

Follow the steps given below to configure a policy dataset:

  1. Navigate to AppExpert > Data Sets.
  2. In the details pane, under Data Sets, click Add.
  3. In the Configure Data Set page, set the following parameters.

    1. Name. Name of the policy data set.
    2. Type. Type of value to bind to the dataset.

    Configuring data set

  4. Click Insert to bind the dataset value of specific type.
    1. Value. Value of the specified type associated with the dataset.
    2. Index. The index value of the dataset.
    3. End range. The dataset entry. This is a range <value> to <end_range>.
    4. Comments. A short description about the data set.

    dataset binding

  5. Click Insert and Close.
  6. Enter comments.
  7. Click Create and Close.

Configuring a data set