[Oisf-users] Suricata 1.4 http keywords in rule options, how does matching occur for http_header?

Peter Manev petermanev at gmail.com
Thu Jan 24 08:13:10 UTC 2013


On Thu, Jan 24, 2013 at 9:11 AM, Anoop Saldanha <anoopsaldanha at gmail.com>wrote:

> On Thu, Jan 24, 2013 at 1:37 PM, Peter Manev <petermanev at gmail.com> wrote:
> >
> >> However, any of the techniques mentioned above isn't a foolproof way
> >> to match on the host header.  The right way would be to provide a new
> >> keyword called "http_host".
> >>
> > Anoop or Vincent would you please put in feature request for that?
> >
>
> We should probably consult users/rule-writers if such a keyword would
> be useful to them?
>
> --
> Anoop Saldanha
>
sure


-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130124/f4d99c2e/attachment-0002.html>


More information about the Oisf-users mailing list