[Oisf-users] [suricata]About rules question
7ym0n
hackking at 126.com
Mon Apr 9 03:04:22 UTC 2018
Hi all:
When I was using Suricata, I encountered the following problems. Searching Google and Bing didn't find a solution. How can I solve this problem?
1. How do I start a match from the reciprocal N bytes of a payload or buffer?
e.g.:
http://localhost/?id=1&page=-1 union select 1,1,1,load_file(char(99,58,47,98,111,111,116,46,105,110,105))
The match starts at the end of the URI: "116,46,105,110,105"
2. Cannot specify multiple HTTP keywords in the content?
e.g.:
alert http any any -> any any (msg:"---(1)-test union select";content:"load_file";http_uri;http_client_body;nocase;classtype:test;sid:203456189;rev:1;)
It doesn't work!
I need to check whether there are related features in multiple fields in HTTP, and how do I present them in a rule?