Suricata rule for user based authentication

bkmis · April 18, 2024, 3:41pm

Hi All,

I’m new to Suricata, and I previously had a setup with a proxy that authenticated requests using usernames and passwords passed through Squid proxy. Now, we’ve transitioned to using AWS Network Firewall and Suricata rules to manage whitelisting. I’m looking to implement a Suricata rule to authenticate usernames and passwords, but I’m having trouble finding suitable content. Could you please provide some sample rules to address this scenario?

I know AWS Network Firewall (i.e. rebadged Suricata) is not an HTTP Proxy so might not support HTTP layer Basic Authentication or similar methods. can advise a different approach to achieve this?

Andreas_Herz · April 25, 2024, 6:21pm

I would recommend to start with the official documentation and maybe focus at a second step on the rule keywords like 8. Suricata Rules — Suricata 8.0.0-dev documentation but it would mostly depend on how the traffic looks like that you see at that point. Does Suricata see the username and password hash?

Topic		Replies	Views
Suricata on AWS network firewall Help ips , suricata	0	731	September 24, 2022
Create rules on pfsense Rules ips , pfsense , suricata	2	739	September 2, 2022
Suricata pass rule not working Rules	16	3630	April 28, 2022
AWS Network Firewall Stateful (Suricata) rules not working - Pass TLS only Help rules	5	883	August 16, 2023
How to write pass rules for traffic missing an SNI field? Help aws-network-firewall	1	386	May 18, 2023

Suricata rule for user based authentication

Related Topics