[Oisf-devel] http_raw_uri and relative offset request
rmkml
rmkml at yahoo.fr
Fri Jan 13 22:15:08 UTC 2012
Hi,
Im test suricata v1.2rc1 and I have a request please (if anyone confirm of course)
ok, create a sig with `content:"/test"; nocase; http_raw_uri; pcre:"/^abc/Rsmi";`
suricata send error:
[13087] 13/1/2012 -- 22:53:20 - (detect-pcre.c:1193) <Error> (DetectPcreSetup) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - No preceding content or uricontent or pcre option
but uri work with snort: GET /testabc HTTP/1.0...
`http_raw_uri` are little bit special because permit relative offset...
(http_raw_uri are like content but pattern searching only on http uri)
if Anyone confirm, Im create a new ticket...
Regards
Rmkml
More information about the Oisf-devel
mailing list