Watcher action: substitute the found data in the "path" of action

I have a system for blocking IP addresses.
You can send a lock request to this system using curl:

curl -u username:password

I have a watcher that tracks an abnormally high number of requests from an IP. I want it to block these IPs, which create a high number of requests.

But there is one problem:

  1. How do I substitute the found IP address in the required section of the "path" field to send the correct curl to my system? Data can be substituted only in the body field, but this field cannot be used as part of the path for curl (or am I mistaken?).

  2. How can I implement such a curl request with the necessary IP from the data received by the watcher?

     "actions": {
       "curl_block": {
         "webhook": {
           "scheme": "http",
           "host": "",
           "port": 4389,
           "method": "put",
           "path": "/index.php?action=add&ip=",
           "params": {},
           "headers": {},
           "auth": {
             "basic": {
               "username": "username",
               "password": "password"
             }
           }
         }
       }
     }

If your search returns:

  1. Just 1 IP, that task should be straightforward: just add the (mustache template) variable which contains it within your payload.

  2. A list of results and your ipban web service can handle multiple IPs passed in the url: you might build the variable section of your path using the mustache template options to iterate a list.

There is a good example of 1 and 2 in this response:

You can see the exact contents of your search using the simulation tab of your watch.

If you need more complex processing, you can also include a transform section with a script to make the modifications and replace the payload or add a field with the desired value.
Then you can use the resulting field like the previous points 1 or 2.

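One way to wire this up, as an added example that is not from the original thread: the webhook `path` and `params` values accept Mustache templates, and it goes one step beyond the reply by using the action-level `foreach` setting (in versions that support it) to send one request per aggregation bucket instead of building a single URL from a list. The index pattern, the `client.ip` field (assumed to be mapped as type `ip`), the host name, the threshold of 1000 and the excluded `10.0.0.0/8` range are assumptions.

```json
{
  "metadata": { "note": "Added example. Index, field, host, threshold and excluded range are placeholders." },
  "trigger": { "schedule": { "interval": "1m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["weblogs-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [{ "range": { "@timestamp": { "gte": "now-1m" } } }],
              "must_not": [{ "term": { "client.ip": "10.0.0.0/8" } }]
            }
          },
          "aggs": {
            "by_ip": { "terms": { "field": "client.ip", "size": 20, "min_doc_count": 1000 } }
          }
        }
      }
    }
  },
  "condition": {
    "script": { "source": "return ctx.payload.aggregations.by_ip.buckets.size() > 0" }
  },
  "actions": {
    "curl_block": {
      "foreach": "ctx.payload.aggregations.by_ip.buckets",
      "max_iterations": 20,
      "webhook": {
        "scheme": "http",
        "host": "ipban.example.internal",
        "port": 4389,
        "method": "put",
        "path": "/index.php",
        "params": { "action": "add", "ip": "{{ctx.payload.key}}" },
        "auth": { "basic": { "username": "username", "password": "password" } }
      }
    }
  }
}
```

Inside a `foreach` action, `ctx.payload` is the current bucket, so `{{ctx.payload.key}}` renders the offending IP. The `must_not` clause keeps internal addresses such as proxies or load balancers from being blocked automatically.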