Layer7 Rules can close connections?



  • Hi,
    I've been trying to filter some http packets that come with this form "GET /0.XXX" and it's filtering the packets very well using this pattern code:

    http-botnet1
    /\x3f0\x2e[0-9].

    This blocks all the packets, but what I truly want is that if a packet with that form if recived, the connection should be closed.

    Is there a way to do that?



  • I say you probably want to look into snort for this sort of stuff



  • IT just blocks the whole connection if a packet that matches is received.
    Not whole packets.


Log in to reply