[Oisf-devel] Request adding support http_uri with distance please
Anoop Saldanha
anoopsaldanha at gmail.com
Wed Jul 25 14:55:03 UTC 2012
On Wed, Jul 25, 2012 at 8:13 PM, rmkml at yahoo.fr <rmkml at yahoo.fr> wrote:
> Hi,
> Since Snort v2.9.0, it's allow two http_uri followed by within/distance.
>
> Like this : (GET /abc.html)
> '... content:"/a"; nocase; depth:2; offset:0; http_uri; content:"bc";
> nocase; within:2; distance:0; http_uri; ...'
>
> But Suricata v1.3.0 not fire (no errors).
> It's possible to add this feature please ?
>
> Regards
> Rmkml
>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
Surprised that it doesn't work. Content inspection engine has been
designed to work uniformly across all all_buffers.
Can you open a bug on this?
--
Anoop Saldanha
More information about the Oisf-devel
mailing list