[Oisf-users] Question about drop http requests
Anoop Saldanha
anoopsaldanha at gmail.com
Wed Sep 25 17:23:45 UTC 2013
On Tue, Sep 24, 2013 at 10:26 PM, carlopmart <carlopmart at gmail.com> wrote:
> Hi all,
>
> Is it possible to configure suricata to drop all http connections that
> they doesn't appears in a config file??
>
> For example, I would like to drop all http connections initiated by
> server 1.1.1.1 but except for some domains like:
>
> .google.com
> .yahoo.com ...
>
drop http 1.1.1.1 any -> any any (content:!".google.com"; http_host;
content:!".yahoo.com"; http_host; sid:1;)
--
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
More information about the Oisf-users
mailing list