[Oisf-users] HTTP domain whitelist?
Peter Manev
petermanev at gmail.com
Fri Jan 17 06:33:51 UTC 2014
> On 16 jan 2014, at 19:57, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> I'm having some performance issues with suricata which seem to be
> related to a few very high trafficked domains (like AV url reputation
> services). I can't whitelist by IP as its served from a CDN and changes
> constantly.
>
> Is there any way to tell suricata to not process urls that match a
> certain domain?
I do not think so.
Unless you can do some magic with bpf filters?
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJS2Ct9AAoJEKIFRYQsa8FW3coIAJylxf069jPgWUAfZdBOLBnX
> 8KuypXrVTjeafholt2qFMdXXK/VCPmRCIEw4ttLq7kKd7HS2tdYNIfT5HDsrgdTQ
> FFnmRW850WMR+EeDgsSChH545CkOaHvHvY7ZQurLPuzcD9nSSR+vfy2LAIaIfEce
> d1jYdBnMQNve3vnhig92ITXi24k5t7ljzwJHZnlXDdzzrgnC5nZSTIWgo2uEAO0e
> S0VS24B9izOTIWiNbT9gxxabzY6Thb/g8TXV2Y5yKn3NS0BiVcVoSD63lH5cjZlA
> Gw6EVlZTJvN3MnBsWepFguRFuRi2n0lnAt31v2YfLerCwWsscaTlNSKVuhGW9Fw=
> =iouF
> -----END PGP SIGNATURE-----
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
More information about the Oisf-users
mailing list