[Oisf-users] Suricata Active Response
Victor Julien
lists at inliniac.net
Sat Apr 13 13:37:42 UTC 2019
On 11-04-19 16:24, Brad Johnson wrote:
> I am interested in an active response back to a web client when it
> accesses a blocked site, such as redirecting to a web page telling them
> the site is prohibited. Snort has this functionality with their 'react'
> keyword. The Suricata documentation says active responses are handled
> automatically when using the reject keyword. But that seems to only
> cause the TCP connection to be reset. Is there a way to do this in
> Suricata? I am currently using version 4.0.4.
We have a ticket open for it:
https://redmine.openinfosecfoundation.org/issues/609
It's not a priority, so it's something we hope a community member will
help implement.
Regards,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list