Introduction

Rule hits can be extracted from HTTP responses in two ways:
  • by defining boundaries
  • by applying a regular expression

Defining boundaries

When a rule defines boundaries, any occurrence of a left boundary within an HTTP response marks the beginning of a rule hit. From this point onward within the HTTP response, the first occurrence of a right boundary marks the end of the rule hit.

Left boundaries can be defined in three ways:
  • Strings: Any occurrence of a given string in an HTTP response marks the beginning of a rule hit.
  • Regular Expressions: Any substring of a HTTP response that matches a specified regular expression marks the beginning of a rule hit.
  • Offset Calculations: HTTP responses are run through the Offset Calculation to determine the beginning of a rule hit. Offset Calculation is explained in section “Offset, Length”.
Right boundaries can be defined in four ways:
  • Strings: The next occurrence of a given string after the left boundary position marks the end of the rule hit.
  • Regular Expressions: The next sub string of the HTTP response matching the given regular expression after the left boundary position marks the end of the rule hit.
  • Length: The end of a rule hit is determined by running part of an HTTP response (from the beginning of the rule hit through to the end of the response) through a Length Calculation. Length Calculation is explained in Section “Offset, Length”.
  • Character type: The next character that matches a given set of character types marks the end of the rule hit.

Applying regular expressions

If a rule defines a regular expression, any substring of an HTTP response that matches that regular expression yields a rule hit. By default, the entire match is the rule hit. Alternately, the rule can define a tag number so that the tagged subexpression is the rule hit.

Note: Recording rules use the regular expression implementation as described in Structure of Regular Expressions. Additionally, some characters need special encoding since recording rules are stored in XML format. For more information, see Writing XML Files.
Parent topic: Section Search - Finding Rule Hits