Suricata Pass List Setup Questions/Issues
h2obuffalo last edited by
I am trying to set up a pass list for Suricata so my cloud-based POS system does not get blocked. I have the IP addresses, but its hosted by CloudFlare. CloudFlare doesn't allow for direct IP address access(see attached), so when I put in the IPs into the alias section I get "Could not fetch the URL." When I use the FQDN, it works, but Suricata does not use FQDNs.
-Is there any sort of work around while still using IPs?
-Or am I limited to going though alerts and blocks to filter out the rules that are blocking the POS system?
![Screen Shot 2017-12-26 at 1.03.29 PM.png](/public/imported_attachments/1/Screen Shot 2017-12-26 at 1.03.29 PM.png)
![Screen Shot 2017-12-26 at 1.03.29 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-12-26 at 1.03.29 PM.png_thumb)
what type of alias are you using? seems like you use URL(IPs).
try to add the ip to a host-type-alias or use a network-type-alias.