[Oisf-users] Suricata 1.4 http keywords in rule options, how does matching occur for http_header?
Matt
matt at somedamn.com
Thu Jan 24 14:15:41 UTC 2013
I would find that useful, especially if it increases efficiency in the
same way as http_user_agent. Among other things, I use Suricata to
match blacklists of known bad URLs, and all those rules include a
content match for the HTTP Host.
Matt
On 1/24/2013 3:13 AM, Peter Manev wrote:
>
>
> On Thu, Jan 24, 2013 at 9:11 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>
> On Thu, Jan 24, 2013 at 1:37 PM, Peter Manev <petermanev at gmail.com> wrote:
> >
> >> However, any of the techniques mentioned above isn't a foolproof way
> >> to match on the host header. The right way would be to provide a new
> >> keyword called "http_host".
> >>
> > Anoop or Vincent would you please put in feature request for that?
> >
>
> We should probably consult users/rule-writers if such a keyword would
> be useful to them?
>
> --
> Anoop Saldanha
>
> sure
>
>
> --
> Regards,
> Peter Manev
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/