Suricata - testmyids

Hi!

Using a curl to testmyids.com does not return the GPL attack signature. Instead, the following signature is alerted.

That rule looks like it will match any curl user agent going out.
If both could match that traffic, is it possible this is either a higher priority or listed before the rule you expect to trigger?

Understood.

But now it's not generating any alert. Yesterday it was working well.

Testmyids.com has a force redirect to https making it not that useful for this type of testing. We’ve updated our docs to use curl http://testmynids.org/uid/index.html which does not redirect to https and works for this purpose.

Can't thank you enough!