[Oisf-users] PCRE question
kay
kay.diam at gmail.com
Wed Jul 11 14:33:18 EDT 2012
Thanks for info, now I know more about it. But it is a custom suricata
modifier. I would suggest the author to try start suricata without
this modifier.
2012/7/11 Chris Wakelin <c.d.wakelin at reading.ac.uk>:
> On 11/07/2012 19:06, kay wrote:
>> I have noticed /H modifier. I've never heard about such modifier.
>>
>> "/Host\x3a ([0-9]{1,3}\.){3}[0-9]{1,3}/H"
>
> From
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords
> :-
>> H Makes pcre match on the HTTP-header. H can be combined with /R. Note that R is relative to the
>> previous match so both matches have to be in the HTTP-header body.
>
> plus several others!
>
> Best Wishes,
> Chris
>
More information about the Oisf-users
mailing list