[Snort-sigs] Need help with snort rules

Sabawoon Mageedzada sabawoon.majeedzada at ...2420...
Thu Aug 7 13:43:56 EDT 2014

Hello everyone,

I have the following rules.

alert tcp any any -> any 80  (msg:"HTTP GET PACKET with
parameter";content:"/current_time_in_AF.aspx?city=" ;pcre:"/^[a-zA-Z]+$/ "

Or this one.
alert tcp any any -> any 80 (msg:"HTTP GET paramater"; content:"GET";
content:"/city.php?id=" pcre:"/city.php

When visiting these websites; Random Example websites.


website for rule 1

I do not see any alerts generated or shown on screen.
To generate alerts if specific attribute is used with a HTTP GET request.
Say for example, I should get alerts if a get http attribute has gets a
value. For example, I should get an alert if the date attribute is used in
here. http:/www.example.com/index.php?date=something

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140807/846da02b/attachment.html>

More information about the Snort-sigs mailing list