[Snort-users] can't get http_stat_code to firing

Anonymous forum myforum149 at ...11827...
Fri Mar 23 11:02:53 EDT 2012

I have enabled the http_inspect and preprocessor enabled. I have extended
responses enabled.
my rule is alert tcp any any -> $HTTP_SERVER $HTTP_PORTS (content:"404";
http_stat_code;sid:11111111111;msg:"url not found";)

why would it not be firing..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120323/75e27173/attachment.html>

More information about the Snort-users mailing list