[Snort-users] Problem with Content rule option

Mark Greenman mark.greenman.014 at ...11827...
Wed Dec 17 23:01:25 EST 2014


Hi. I am new to snort. I want to use content rule option to execute some
actions based on the content of the http response message (the payload).
But, it can not work properly. For example, if I want to replace some word
with another, the detection engine can detect some words in the http
response message but can not some of the same words in the same message.
Sometimes it can't even detect a single word. The problem is that it works
properly for the content of the http header. Does anyone know the reason?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141218/42186144/attachment.html>


More information about the Snort-users mailing list