Hello Suricata guru,
I tried following but speedtest keep getting stuck
pass http $HOME_NET any → $EXTERNAL_NET 80 (http.host; dotprefix; content:“.speedtest.net”; endswith; msg:“Pass HTTP to .speedtest.net”; sid:1162; rev:1;)
pass tls $HOME_NET any → $EXTERNAL_NET 443 (tls.sni; dotprefix; content:“.speedtest.net”; endswith; msg:“Pass TLS to .speedtest.net”; sid:1163; rev:1;)
Please provide more details, we don’t know what version you are using, what config, how you run Suricata (there are several IPS modes, since I assume you do IPS).
Sure, I am using Suricata on AWS network firewall. I want to limit traffic flowing from AWS network firewall and allow speedtest domain for testing.
You could ask the AWS support for help in that case.
As I said we would need more details about the actual Suricata version, config etc.
Also which block/drop signatures you use that might block the traffic regardless of your pass rule.