[Oisf-users] Inline problems with http_uri

Michael hoffrath at gmx.de
Tue Oct 23 17:15:20 UTC 2012


Hello,

information:
Host: Ubuntu 12.04 64Bit running on esxi 4.1
Version: Suricata 1.3.2
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW 
I insert Suricata via iptables, which redirects all traffic to nfqueue 0.

I have the problem that I cannot match any packets while using http_uri or other HTTP options.
My rule is:

drop tcp any any -> any any (msg:"index";flow:established,to_server;content:"/index.html";nocase;http_uri;sid:2;rev:2;)

Even when trying this rule from planet.suricata-ids.org, it fails:

alert tcp any any -> any any (msg:"User-Agent abc http_user_agent"; content:"Mozilla"; http_user_agent; sid:2; rev:1;)

I have absolutely no clue why this happens; maybe someone could give me a clue?

Regards
Michael
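The two rules quoted in the post above are the kind of thing one checks structurally before looking at traffic: in Suricata 1.x, http_uri and http_user_agent are content modifiers, so each must follow a content: keyword, a request-side modifier only makes sense with flow:to_server, and two rules sharing one sid cannot both be loaded. The following lint is an added example written for this page; it is not the poster's code and not part of Suricata. It embeds the two posted rules as sample input, and the keyword sets and finding texts are this example's own.

```python
"""Structural lint for Suricata 1.x rule text (added example, not from the post or Suricata)."""
import re

# Sample input: the two rules quoted in the post above.
POSTED_RULES = [
    'drop tcp any any -> any any (msg:"index";flow:established,to_server;'
    'content:"/index.html";nocase;http_uri;sid:2;rev:2;)',
    'alert tcp any any -> any any (msg:"User-Agent abc http_user_agent"; '
    'content:"Mozilla"; http_user_agent; sid:2; rev:1;)',
]

# In Suricata 1.x these keywords modify the content: that precedes them, and a
# content can carry only one buffer modifier. Grouped by which HTTP side they inspect.
REQUEST_MODIFIERS = {"http_uri", "http_raw_uri", "http_method", "http_client_body", "http_user_agent"}
RESPONSE_MODIFIERS = {"http_server_body", "http_stat_code", "http_stat_msg"}
EITHER_SIDE_MODIFIERS = {"http_header", "http_raw_header", "http_cookie"}
HTTP_MODIFIERS = REQUEST_MODIFIERS | RESPONSE_MODIFIERS | EITHER_SIDE_MODIFIERS

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<body>.*)\)\s*$"
)


def split_options(body):
    """Split the option body on ';' while respecting double-quoted strings, so a
    quoted msg containing spaces or semicolons stays one token. Returns (key, value)
    pairs; a bare keyword such as http_uri gets value None."""
    tokens, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\" and in_quote:
            buf.append(ch)
            escaped = True
        elif ch == ";" and not in_quote:
            tokens.append("".join(buf))
            buf = []
        else:
            if ch == '"':
                in_quote = not in_quote
            buf.append(ch)
    if in_quote:
        raise ValueError("unterminated quote in rule options")
    tokens.append("".join(buf))
    pairs = []
    for tok in (t.strip() for t in tokens if t.strip()):
        key, _, val = tok.partition(":")
        pairs.append((key.strip(), val.strip() or None))
    return pairs


def parse_rule(text):
    """Parse one rule into header fields plus an ordered option list."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("rule header does not parse: %r" % text)
    rule = m.groupdict()
    rule["options"] = split_options(rule.pop("body"))
    return rule


def lint_rule(rule):
    """Return findings for one parsed rule; an empty list means the modifier structure is sound."""
    findings = []
    flow = next((v or "" for k, v in rule["options"] if k == "flow"), "")
    current_content, modified = None, False
    for key, val in rule["options"]:
        if key == "content":
            current_content, modified = val, False
        elif key in HTTP_MODIFIERS:
            if current_content is None:
                findings.append("%s has no preceding content: to modify" % key)
            elif modified:
                findings.append("content %s already carries a buffer modifier" % current_content)
            else:
                modified = True
            if key in REQUEST_MODIFIERS and "to_client" in flow:
                findings.append("%s inspects the request but flow is to_client" % key)
            if key in RESPONSE_MODIFIERS and "to_server" in flow:
                findings.append("%s inspects the response but flow is to_server" % key)
    return findings


def lint_ruleset(texts):
    """Lint every rule and flag sid collisions, which make Suricata reject the later rule."""
    report, seen_sids = [], {}
    for idx, text in enumerate(texts, 1):
        rule = parse_rule(text)
        findings = lint_rule(rule)
        sid = dict(rule["options"]).get("sid")
        if sid in seen_sids:
            findings.append("sid %s duplicates rule %d; Suricata rejects the duplicate" % (sid, seen_sids[sid]))
        else:
            seen_sids[sid] = idx
        report.append(findings)
    return report


if __name__ == "__main__":
    for text, findings in zip(POSTED_RULES, lint_ruleset(POSTED_RULES)):
        print(text)
        for f in findings or ["ok: HTTP modifier structure is valid"]:
            print("  -", f)
```

Run against the two posted rules, each passes the modifier check on its own; the only finding is that they share sid 2, which matters if both are put in the same rules file. A clean lint does not mean the rule will fire, since that also depends on HTTP traffic actually reaching the NFQ queue and being parsed as HTTP, but it rules out the rule text itself as the cause.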
