General

Profile

Roberto Amado

  • Login: ramado
  • Email: ramado@s2grupo.es
  • Registered on: 08/27/2010
  • Last sign in: 01/13/2011

Issues

                  open  closed  Total
Assigned issues   0     0       0
Reported issues   0     1       1

Activity

01/13/2011

02:03 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
OK Thanks a lot for your work. Roberto Amado

09/01/2010

07:55 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
Same configuration snort_inline works fine filtering using uricontent. Roberto Amado

08/30/2010

09:00 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work

I was wondering about you tell me before Gurvinder...
"just to add one more thing to check. Does the server AC...
Roberto Amado
04:29 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
Some info from alert_debug.log for the rule ""drop tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /etc/passw... Roberto Amado
03:38 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
In another deployment I have, with Suricata running on another host in front of the server with 2 interfaces in bridge... Roberto Amado
03:34 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
OK, I tested two configurations:
1.- Only with "iptables -A OUTPUT -j NFQUEUE --queue-num 0"
iptables -L -v
Cha...
Roberto Amado
02:24 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
One more thing that I said before: in IPS mode, when I switch to content instead of uricontent, the packet is dropped. :S Roberto Amado
02:20 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
1.- iptables -A INPUT -j NFQUEUE --queue-num 0
2.- When I turn off IPS mode the rule works
Using alert instea...
Roberto Amado
01:50 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
Hi, thanks to both of you for answering so soon. Here are the things you commented on:
+Victor:+
1.- The output of suricata when...
Roberto Amado

08/27/2010

06:10 AM Suricata Bug #230: "uricontent" parameter in rules doesn't work
Doesn't match if I change to alert :_(
Also the logs are all 0
0 -rw-r--r-- 1 root root 0 ago 27 14:39 htt...
Roberto Amado
