Feature #1468

closed

File extension : fileext rule protocol support

Added by simplewall softwares almost 9 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version: -
Effort:
Difficulty:
Label:

Description

Hello Team,

We use a combination of Squid + Suricata version 2.0.7 inline [nfqueue].

With an IPS rule we achieve a perfect block of file downloads for all kinds of supported extensions.

E.g.:

drop ip any any <> 27.12.12.14 any (msg:"TCP_DENIED File Extension exe under Banned_Patterns for VPN-user2 "; fileext:"exe"; sid:83879519;rev:1;)

The newer latest beta version supports only HTTP-type rules, and due to this we are not able to achieve blocking of file downloads.

drop http any any <> 27.12.12.14 any (msg:"TCP_DENIED File Extension exe under Banned_Patterns for VPN-user2 "; fileext:"exe"; sid:83879519;rev:1;)

Error:

11/5/2015 -- 15:51:13 - <Error> - [ERRCODE: SC_ERR_CONFLICTING_RULE_KEYWORDS(141)] - rule contains conflicting keywords.

Kindly review it and add support for TCP, UDP & IP rules for fileext in version 2.1.
