Feature #1468
closed
File extension: fileext rule protocol support
Description
Hello Team,
We use a combination of Squid + Suricata version 2.0.7 inline [nfqueue].
With an IPS rule we achieve a perfect block of file downloads for all kinds of supported extensions.
E.g.:
drop ip any any <> 27.12.12.14 any (msg:"TCP_DENIED File Extension exe under Banned_Patterns for VPN-user2 "; fileext:"exe"; sid:83879519;rev:1;)
The newer, latest beta version supports only the HTTP type of rule, and due to this we are not able to achieve blocking of file downloads.
drop http any any <> 27.12.12.14 any (msg:"TCP_DENIED File Extension exe under Banned_Patterns for VPN-user2 "; fileext:"exe"; sid:83879519;rev:1;)
Error:
11/5/2015 -- 15:51:13 - <Error> - [ERRCODE: SC_ERR_CONFLICTING_RULE_KEYWORDS(141)] - rule contains conflicting keywords.
Kindly review it and add support for TCP, UDP & IP rules for fileext in version 2.1.