[Snort-users] writing rule with uricontent keyword

Jiju Menon security4rrm at ...11827...
Mon Feb 28 11:40:57 EST 2005


2/28

Hello,

I tried to get an alert with a test rule using uricontent:

alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"yahoo.com";
uricontent:"yahoo.com";nocase;)

The rule seems not to detect a connection made to yahoo.com. Can
anyone help me to get this rule working?

Thanks.




More information about the Snort-users mailing list