From 4c67f0a2c896f04debd736333848a15e27c57692 Mon Sep 17 00:00:00 2001 From: Armins Date: Wed, 7 Dec 2016 18:07:12 +0200 Subject: [PATCH] Added fast_pattern --- app/Lib/Export/NidsExport.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Lib/Export/NidsExport.php b/app/Lib/Export/NidsExport.php index 45a5f3599..356515009 100644 --- a/app/Lib/Export/NidsExport.php +++ b/app/Lib/Export/NidsExport.php @@ -309,7 +309,7 @@ class NidsExport { ); $sid++; // also do http requests, - $content = 'flow:to_server,established; content: "Host|3a|"; nocase; http_header; content:"' . $attribute['value'] . '"; nocase; http_header; pcre: "/(^|[^A-Za-z0-9-])' . preg_quote($attribute['value']) . '[^A-Za-z0-9-\.]/H";'; + $content = 'flow:to_server,established; content: "Host|3a|"; nocase; http_header; content:"' . $attribute['value'] . '"; fast_pattern; nocase; http_header; pcre: "/(^|[^A-Za-z0-9-])' . preg_quote($attribute['value']) . '[^A-Za-z0-9-\.]/H";'; $this->rules[] = sprintf($ruleFormat, ($overruled) ? '#OVERRULED BY WHITELIST# ' : '', 'tcp', // proto