[Oisf-users] Suricata Active Response

Victor Julien lists at inliniac.net
Sat Apr 13 13:37:42 UTC 2019

On 11-04-19 16:24, Brad Johnson wrote:
> I am interested in an active response back to a web client when it
> accesses a blocked site, such as redirecting to a web page telling them
> the site is prohibited. Snort has this functionality with their 'react'
> keyword. The Suricata documentation says active responses are handled
> automatically when using the reject keyword. But that seems to only
> cause the TCP connection to be reset. Is there a way to do this in
> Suricata? I am currently using version 4.0.4.

We have a ticket open for it:


It's not a priority, so it's something we hope a community member will
help implement.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list