[Oisf-users] Suricata 1.4 http keywords in rule options, how does matching occur for http_header?

Vincent Fang vincent.y.fang at gmail.com
Thu Jan 24 13:32:30 UTC 2013


I will run the test again today with your suggestions, sorry for the delay
in responses.


On Thu, Jan 24, 2013 at 3:13 AM, Peter Manev <petermanev at gmail.com> wrote:

>
>
> On Thu, Jan 24, 2013 at 9:11 AM, Anoop Saldanha <anoopsaldanha at gmail.com>wrote:
>
>> On Thu, Jan 24, 2013 at 1:37 PM, Peter Manev <petermanev at gmail.com>
>> wrote:
>> >
>> >> However, any of the techniques mentioned above isn't a foolproof way
>> >> to match on the host header.  The right way would be to provide a new
>> >> keyword called "http_host".
>> >>
>> > Anoop or Vincent would you please put in feature request for that?
>> >
>>
>> We should probably consult users/rule-writers if such a keyword would
>> be useful to them?
>>
>> --
>> Anoop Saldanha
>>
> sure
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130124/06319a21/attachment-0002.html>


More information about the Oisf-users mailing list