aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: Minor changes in structuring of HTTP Keywords / Snort differences

Browse Source
pull/3062/head
Ralph Broenink 8 years ago committed by Victor Julien
parent e9b25988ba
commit f6c766112c
2 changed files with 6 additions and 19 deletions
Show Stats Download Patch File Download Diff File

7
doc/userguide/rules/differences-from-snort.rst
Unescape Escape View File

@ -2,19 +2,12 @@
Differences From Snort Differences From Snort
====================== ======================
Overview
--------
This document is intended to highlight the major differences between Suricata This document is intended to highlight the major differences between Suricata
and Snort that apply to rules and rule writing. and Snort that apply to rules and rule writing.
Where not specified, the statements below apply to Suricata. In general, Where not specified, the statements below apply to Suricata. In general,
references to Snort refer to the version 2.9 branch. references to Snort refer to the version 2.9 branch.
Contents
--------
.. contents::
Automatic Protocol Detection Automatic Protocol Detection
---------------------------- ----------------------------

18
doc/userguide/rules/http-keywords.rst
Unescape Escape View File

@ -1,5 +1,3 @@
:tocdepth: 2
HTTP Keywords HTTP Keywords
============= =============
.. role:: example-rule-emphasis .. role:: example-rule-emphasis
@ -22,7 +20,7 @@ refresher:
alert http any any -> any any (http_response_line; content:"403 Forbidden"; sid:1;) alert http any any -> any any (http_response_line; content:"403 Forbidden"; sid:1;)
The following request keywords are available: The following **request** keywords are available:
============================== ======================== ================== ============================== ======================== ==================
Keyword Sticky or Modifier Direction Keyword Sticky or Modifier Direction
@ -50,7 +48,7 @@ http_protocol Sticky Buffer Both
http_header_names Sticky Buffer Both http_header_names Sticky Buffer Both
============================== ======================== ================== ============================== ======================== ==================
The following response keywords are available: The following **response** keywords are available:
============================== ======================== ================== ============================== ======================== ==================
Keyword Sticky or Modifier Direction Keyword Sticky or Modifier Direction
@ -70,11 +68,12 @@ http_protocol Sticky Buffer Both
http_header_names Sticky Buffer Both http_header_names Sticky Buffer Both
============================== ======================== ================== ============================== ======================== ==================
HTTP Primer
-----------
It is important to understand the structure of HTTP requests and It is important to understand the structure of HTTP requests and
responses. A simple example of a HTTP request and response follows: responses. A simple example of a HTTP request and response follows:
HTTP request **HTTP request**
------------
:: ::
@ -86,8 +85,7 @@ HEAD, etc. The URI path is ``/index.html`` and the HTTP version is
the versions 0.9, 1.0 and 1.1, 1.0 and 1.1 are the most commonly used the versions 0.9, 1.0 and 1.1, 1.0 and 1.1 are the most commonly used
today. today.
HTTP response **HTTP response**
-------------
:: ::
@ -178,10 +176,6 @@ Example of the purpose of ``http_uri``:
.. image:: http-keywords/uri.png .. image:: http-keywords/uri.png
Example of the purpose of ``http_raw_uri``:
#.. image:: http-keywords/raw_uri.png
uricontent uricontent
---------- ----------

Write Preview
Loading…
Cancel
Save