[Snort-users] Need an efficient way to generate rules for URL Filtering

Rishabh Shah rishabh420 at ...11827...
Sun Mar 22 02:33:41 EDT 2015

Hi All,

Thanks for your prompt replies.
@Anthony- I will have a look at DNS Blackhole and see if it fits my scenario
@James- Sure. I will check that.
@Jack- I want to blacklist fqdns + full urls. Any suggestions?

On Sun, Mar 22, 2015 at 7:54 AM, Jack Pepper <
pepperjack at ...14319...> wrote:

> are these fqdns, full urls or domain names?
> On Fri, Mar 20, 2015 at 7:05 AM, Rishabh Shah <rishabh420 at ...11827...>
> wrote:
>> Hi Snort Team,
>> Hope you are doing well.
>> I have a database of 1000 URLs that I want to block using Snort. Do I
>> need to create 1000 separate rules to block each of them? Wouldn't there be
>> a performance hit if I have a separate rule for each one of them(consider
>> my database increases to 10K URLs)? Any alternatives that could achieve my
>> aim?
>> FYI, this is how my rule looks today:
>> reject tcp any any -> any any (msg:"Blacklisted URL"; content:"
>> youtube.com"; http_uri; react: msg;)
>> --
>> Regards,
>> Rishabh Shah.
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!

Rishabh Shah.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150322/25cc6640/attachment.html>

More information about the Snort-users mailing list