Feature #341: urilen option to match on raw uri - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #341

closed

VJ AS

urilen option to match on raw uri

Feature #341: urilen option to match on raw uri

Added by Victor Julien over 14 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

1.2rc1

Effort:

Difficulty:

Label:

Description

By default Suricata's urilen matches on the normalized buffer. Snort 2.9.1 added support for matching on both the raw and normalized buffers:

urilen:min<>max[,<uribuf>];
urilen:[<|>]<number>[,<uribuf>];
<uribuf> : "norm" | "raw"

It seems that Snort selects the raw uri by default.

Files

0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch (26.1 KB) 0001-bug-341-support-for-urilen-check-on-both-norm-and-ra.patch

Anoop Saldanha, 12/22/2011 04:26 AM

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #341

urilen option to match on raw uri

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#1

AS Updated by Anoop Saldanha over 14 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Feature #341

urilen option to match on raw uri

VJ Updated by Victor Julien over 14 years ago ActionsCopy link #1

AS Updated by Anoop Saldanha over 14 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 14 years ago ActionsCopy link #3

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#1

AS Updated by Anoop Saldanha over 14 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#3