[Oisf-users] Suricata 1.4 http keywords in rule options, how does matching occur for http_header?

Anoop Saldanha anoopsaldanha at gmail.com
Thu Jan 24 14:44:00 UTC 2013


Sounds good.  Will open a feature request for the "http_host" keyword.

On Thu, Jan 24, 2013 at 7:45 PM, Matt <matt at somedamn.com> wrote:
> I would find that useful, especially if it increases efficiency in the same
> way as http_user_agent.  Among other things, I use Suricata to match
> blacklists of known bad URLs, and all those rules include a content match
> for the HTTP Host.
>
> Matt
>
> On 1/24/2013 3:13 AM, Peter Manev wrote:
>
>
>
> On Thu, Jan 24, 2013 at 9:11 AM, Anoop Saldanha <anoopsaldanha at gmail.com>
> wrote:
>>
>> On Thu, Jan 24, 2013 at 1:37 PM, Peter Manev <petermanev at gmail.com> wrote:
>> >
>> >> However, any of the techniques mentioned above isn't a foolproof way
>> >> to match on the host header.  The right way would be to provide a new
>> >> keyword called "http_host".
>> >>
>> > Anoop or Vincent would you please put in feature request for that?
>> >
>>
>> We should probably consult users/rule-writers if such a keyword would
>> be useful to them?
>>
>> --
>> Anoop Saldanha
>
> sure
>
>
> --
> Regards,
> Peter Manev



-- 
Anoop Saldanha


