[Snort-users] Need an efficient way to generate rules for URL Filtering
rishabh420 at ...11827...
Fri Mar 20 08:05:04 EDT 2015
Hi Snort Team,
Hope you are doing well.
I have a database of 1000 URLs that I want to block using Snort. Do I need
to create 1000 separate rules to block each of them? Wouldn't there be a
performance hit if I have a separate rule for each one of them(consider my
database increases to 10K URLs)? Any alternatives that could achieve my aim?
FYI, this is how my rule looks today:
reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com";
http_uri; react: msg;)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users