[Oisf-users] Question about drop http requests
carlopmart
carlopmart at gmail.com
Wed Sep 25 18:59:53 UTC 2013
On 25/09/13 17:23, Anoop Saldanha wrote:
> On Tue, Sep 24, 2013 at 10:26 PM, carlopmart <carlopmart at gmail.com> wrote:
>> Hi all,
>>
>> Is it possible to configure suricata to drop all http connections that
>> do not appear in a config file?
>>
>> For example, I would like to drop all http connections initiated by
>> server 1.1.1.1 except for some domains like:
>>
>> .google.com
>> .yahoo.com ...
>>
>
> drop http 1.1.1.1 any -> any any (content:!".google.com"; http_host;
> content:!".yahoo.com"; http_host; sid:1;)
>
Good!!! Thanks Anoop ... But is it not possible to do something like this:

drop http 1.1.1.1 any -> any any (content:!"/path/to/myconfigfile.txt";
http_host; sid:1;)??

/path/to/myconfigfile.txt with the following content:

.google.com
.yahoo.com
....
--
CL Martinez
carlopmart {at} gmail {d0t} com
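
One way to get the file-driven allow-list asked about above is to generate the rule from Anoop's reply out of the list file. The Python below is an added example, not part of the original thread or of Suricata; the file format (one suffix per line, `#` comments), the function names and the sample list are assumptions.

```python
import ipaddress
import re

# Domain suffix as written in the post: optional leading dot, two or more labels.
# Allowing only these characters keeps a list entry from breaking out of the
# quoted content string and injecting extra rule options.
_SUFFIX = re.compile(
    r"^\.?[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$"
)


def load_suffixes(text):
    """Parse the list: one suffix per line, '#' comments and blank lines ignored."""
    suffixes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if not _SUFFIX.match(entry):
            raise ValueError(f"line {lineno}: not a valid domain suffix: {raw!r}")
        if entry not in suffixes:  # drop duplicates, keep file order
            suffixes.append(entry)
    if not suffixes:
        # With no negated matches the rule would drop every HTTP request.
        raise ValueError("allow-list is empty")
    return suffixes


def build_rule(src_ip, suffixes, sid):
    """Emit one drop rule with a negated http_host match per allowed suffix."""
    src = ipaddress.ip_address(src_ip)  # raises ValueError on a malformed address
    matches = " ".join(f'content:!"{s}"; http_host;' for s in suffixes)
    return f"drop http {src} any -> any any ({matches} sid:{int(sid)};)"


# Constructed sample standing in for /path/to/myconfigfile.txt
SAMPLE = """\
# allowed destinations
.google.com
.Yahoo.com
.google.com
"""

if __name__ == "__main__":
    print(build_rule("1.1.1.1", load_suffixes(SAMPLE), 1))
```
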