Suricata action behind AWS gateway balancer

James001 · March 28, 2024, 5:45am

Please include the following information with your help request:

Suricata version

Operating system and/or Linux distribution

How you installed Suricata (from source, packages, something else)

Hi team

We are running Suricata 6 on Amazon EC2 ( Ubuntu) and it’s placed behind AWS gateway load balancer. While playing with it we want to confirm the reject rule action.
According to the doc, while running IDP mode it should send tcp rst to clients if the request hits the denied rules(reject), however Suricata drops the traffic and client waits until timeout. Is this the expected behaviour? Or we misconfigured something ?

Andreas_Herz · April 25, 2024, 7:41pm

Please share your suricata.yaml and how you run suricata (command line arguemnt)

Topic		Replies	Views
Suricata in IPS mode dropping tcp traffic Help ips	16	1804	April 24, 2024
Suricata with NginX in Proxy Mode Help	2	1656	April 17, 2020
Suricata 6.0.0 IPS-mode inline	4	751	June 12, 2021
Suricata don't reject http/ssh Help ips	2	526	March 16, 2023
Suricata 5.0.6 inline on RHEL dropping tls traffic with no alerts Help ips , centos , rules	4	794	August 29, 2021

Suricata action behind AWS gateway balancer

Related Topics