Suricata action behind AWS gateway balancer

James001 · March 28, 2024, 5:45am

Please include the following information with your help request:

Suricata version

Operating system and/or Linux distribution

How you installed Suricata (from source, packages, something else)

Hi team

We are running Suricata 6 on Amazon EC2 ( Ubuntu) and it’s placed behind AWS gateway load balancer. While playing with it we want to confirm the reject rule action.
According to the doc, while running IDP mode it should send tcp rst to clients if the request hits the denied rules(reject), however Suricata drops the traffic and client waits until timeout. Is this the expected behaviour? Or we misconfigured something ?

Andreas_Herz · April 25, 2024, 7:41pm

Please share your suricata.yaml and how you run suricata (command line arguemnt)

Topic		Replies	Views
Issues with Suricata Working as IDPS Help ips , rules	3	225	November 4, 2024
Suricata 6.0.10 IPS mode not dropping/rejecting request Help ips , suricata	3	270	November 4, 2024
Suricata in IPS mode dropping tcp traffic Help ips	16	2276	April 24, 2024
How to block all traffic which matches BitTorrent-DHT? Help	7	1271	February 20, 2024
Suricata IPS mode "reject" not working as expected Help rules	2	236	May 14, 2024

Suricata action behind AWS gateway balancer

Related topics