[Oisf-users] Suricata Active Response

Brad Johnson bjohnson at ecessa.com
Thu Apr 11 14:24:44 UTC 2019

I am interested in an active response back to a web client when it accesses
a blocked site, such as redirecting to a web page telling them the site is
prohibited. Snort has this functionality with their 'react' keyword. The
Suricata documentation says active responses are handled automatically when
using the reject keyword. But that seems to only cause the TCP connection
to be reset. Is there a way to do this in Suricata? I am currently using
version 4.0.4.
Thanks in advance.


<http://www.twitter.com/ecessa>  <http://www.facebook.com/Ecessa>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190411/ce93a1f7/attachment.html>

More information about the Oisf-users mailing list