[Snort-users] Need an efficient way to generate rules for URL Filtering

Rishabh Shah rishabh420 at ...11827...
Fri Mar 20 08:05:04 EDT 2015


Hi Snort Team,

Hope you are doing well.

I have a database of 1000 URLs that I want to block using Snort. Do I need
to create 1000 separate rules to block each of them? Wouldn't there be a
performance hit if I have a separate rule for each one of them(consider my
database increases to 10K URLs)? Any alternatives that could achieve my aim?

FYI, this is how my rule looks today:
reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com";
http_uri; react: msg;)

-- 
Regards,
Rishabh Shah.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150320/adeeb164/attachment.html>


More information about the Snort-users mailing list