This rule constrains the search for the pattern "GET" to the extracted Method from a HTTP client request.
alert tcp any any -> any 80 (content:"ABC"; content:"GET"; http_method;)
|
Note:
The http_method modifier is not allowed to be used with the rawbytes or fast_pattern modifiers for the same content.
|