[Oisf-users] Suricata 1.4 http keywords in rule options, how does matching occur for http_header?

Peter Manev petermanev at gmail.com
Fri Jan 25 15:55:39 UTC 2013


On Fri, Jan 25, 2013 at 4:23 PM, Will Metcalf <william.metcalf at gmail.com> wrote:

> While we are talking about it, having len and endswith would be really
> useful for at least http_uri, http_user_agent, and http_host_header.
> The first is for performing exact matches, i.e.
>
> content:"Mozilla"; http_user_agent; http_user_agent_len:7;
>
> to match
>
> User-Agent: Mozilla\r\n
>
> or
>
> content:".exe"; http_uri; endswith;
>
> to match
>
> GET /blah/blat/foo.exe HTTP/1.1\r\n
>
>
> etc... Want a feature request? :)
>
Yes!
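
As an added illustration (not part of the original thread and not Suricata code), the Python sketch below models the difference between a plain `content` substring match and the two proposed modes, run over constructed requests. It assumes the buffers are taken raw from the request with no URI normalization; the function names are hypothetical, and `http_user_agent_len` and `endswith` are the keywords proposed above.

```python
# Added example: models the matching semantics proposed in the thread.
# Assumption: buffers are the raw request-line URI and User-Agent value,
# with no normalization applied.

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP request into the two buffers discussed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    _method, uri, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return {"http_uri": uri,
            "http_user_agent": headers.get(b"user-agent", b"")}

def content(buf: bytes, pattern: bytes) -> bool:
    """Plain content match: pattern anywhere in the buffer."""
    return pattern in buf

def content_with_len(buf: bytes, pattern: bytes, length: int) -> bool:
    """Proposed content + *_len: pattern present and buffer exactly `length` bytes."""
    return pattern in buf and len(buf) == length

def content_endswith(buf: bytes, pattern: bytes) -> bool:
    """Proposed endswith: pattern must be the last bytes of the buffer."""
    return buf.endswith(pattern)

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "bare": b"GET /blah/blat/foo.exe HTTP/1.1\r\nHost: example.test\r\n"
            b"User-Agent: Mozilla\r\n\r\n",
    "browser": b"GET /downloads/foo.exe.html HTTP/1.1\r\nHost: example.test\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n",
    "query": b"GET /foo.exe?v=2 HTTP/1.1\r\nHost: example.test\r\n"
             b"User-Agent: Mozilla\r\n\r\n",
}

def evaluate(raw: bytes) -> dict:
    """Return the verdict of each matching mode for one request."""
    b = parse_request(raw)
    return {
        "ua_content": content(b["http_user_agent"], b"Mozilla"),
        "ua_exact": content_with_len(b["http_user_agent"], b"Mozilla", 7),
        "uri_content": content(b["http_uri"], b".exe"),
        "uri_endswith": content_endswith(b["http_uri"], b".exe"),
    }

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

The "query" sample shows a caveat for rule writers: on a raw URI buffer a trailing query string keeps an `endswith` match on `.exe` from firing, while the plain substring match still does.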