Bypass Keyword
==============
Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation.
The ``bypass`` keyword is useful when a large flow is expected (e.g. Netflix, Spotify, YouTube).
The ``bypass`` keyword is considered a post-match keyword.

bypass
------

Bypass a flow on matching HTTP traffic.

Example::

  alert http any any -> any any (content:"suricata.io"; \
      http_host; bypass; sid:10001; rev:1;)
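
Because a bypassed flow is excluded from further evaluation, it helps to know exactly which signatures in a ruleset carry the keyword. The following Python audit script is an added example, not part of the Suricata documentation or code base: the function names and the sample rules other than sid 10001 are constructed for illustration. It joins backslash-continued rules like the one above and only counts ``bypass`` when it appears as a real option, not inside a quoted string or a commented-out rule.

```python
import re

# Constructed sample rules file; only sid 10001 comes from the example above.
SAMPLE_RULES = r'''
alert http any any -> any any (content:"suricata.io"; \
    http_host; bypass; sid:10001; rev:1;)
alert tls any any -> any any (msg:"not a bypass; just text"; sid:10002; rev:1;)
# alert http any any -> any any (content:"old"; bypass; sid:10003;)
alert http any any -> any any (msg:"media"; content:"example.com"; http_host; bypass; sid:10004; rev:2;)
'''

# One option: any run of plain chars, escaped chars, or whole quoted strings,
# so a ';' inside quotes or written as '\;' does not end the option.
OPTION_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')
RULE_RE = re.compile(r"(\w+)\s+(\S+)\s.*?\((.*)\)\s*$")


def join_continuations(text):
    """Merge lines ending in a backslash into one logical rule line."""
    return re.sub(r"\\\s*\n\s*", "", text)


def split_options(body):
    """Split a rule's option body into individual options."""
    return [o.strip() for o in OPTION_RE.findall(body) if o.strip()]


def find_bypass_rules(text):
    """Return (sid, protocol, content patterns) for each active bypass rule."""
    found = []
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if line.startswith("#"):          # disabled rule, never evaluated
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = split_options(m.group(3))
        if "bypass" not in opts:          # must be a standalone option
            continue
        kv = [o.split(":", 1) for o in opts if ":" in o]
        sid = next((int(v) for k, v in kv if k.strip() == "sid"), None)
        contents = [v.strip().strip('"') for k, v in kv if k.strip() == "content"]
        found.append((sid, m.group(2), contents))
    return found


if __name__ == "__main__":
    for sid, proto, contents in find_bypass_rules(SAMPLE_RULES):
        print(f"sid {sid}: {proto} flows matching {contents} are bypassed")
```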