I want some help with suricata ruleset I want my suricata to block domains like youtube.com,web.whatsapp.com and other social networking sites. I am not sure what I am doing wrong I have used both dns, ssl/tls, still I am able to get the response of curl -I https://www.youtube.com
Please Help!
Make sure your Suricata is configured in IPS mode and use drop rules.
Seems like you are starting with Suricata so I would suggest to first look at some networking/Suricata tutorials around.
For future posts please don’t forget to post how you have your network configured, what is your Suricata.yaml, how you run Suricata and what are your rules/logs.
Hi @lukashino I am currently running suricata version 7.0.3 with the help of idstower. And as per the documentations I think this version of suricata is in default ips and ids mode I read it somewhere. I have done everything possible with my knowledge about suricata.
Because I want to monitor suricata logs too. If there is any other alternative for idstower please do provide me with the feed back.
As mentioned in your other thread, we first need more details about your setup. Otherwise IPS configuration is described here: 15. Setting up IPS/inline for Linux — Suricata 8.0.0-dev documentation