Suricata rule for user based authentication

bkmis · April 18, 2024, 3:41pm

Hi All,

I’m new to Suricata, and I previously had a setup with a proxy that authenticated requests using usernames and passwords passed through Squid proxy. Now, we’ve transitioned to using AWS Network Firewall and Suricata rules to manage whitelisting. I’m looking to implement a Suricata rule to authenticate usernames and passwords, but I’m having trouble finding suitable content. Could you please provide some sample rules to address this scenario?

I know AWS Network Firewall (i.e. rebadged Suricata) is not an HTTP Proxy so might not support HTTP layer Basic Authentication or similar methods. can advise a different approach to achieve this?

Andreas_Herz · April 25, 2024, 6:21pm

I would recommend to start with the official documentation and maybe focus at a second step on the rule keywords like 8. Suricata Rules — Suricata 8.0.0-dev documentation but it would mostly depend on how the traffic looks like that you see at that point. Does Suricata see the username and password hash?

Topic		Replies	Views
Analyze HTTPS traffic with proxy Help suricata	5	1386	October 24, 2024
Suricata on AWS network firewall Help ips , suricata	0	1057	September 24, 2022
Create rules on pfsense Rules ips , pfsense , suricata	2	915	September 2, 2022
Suricata rules for blocking urls in https Help rules , suricata	3	171	December 5, 2024
Suricata pass rule not working Rules	16	3953	April 28, 2022

Suricata rule for user based authentication

Related topics