
I have a reverse proxy that proxies HTTP/HTTPS traffic between web servers, and I have set up Suricata in order to find and block malicious traffic to it.

Is there any way to trigger an alert via a curl request? Does the EICAR test work?

I have done some googling, but I could not find anything straightforward for triggering Suricata with curl.

Orphans

1 Answer


http://testmynids.org/uid/index.html or http://www.testmyids.ca/ can be used to test; it will raise an "Attempted Information Leak".

For the reverse proxy, you can create an HTML file with the content "uid=0(root) gid=0(root) groups=0(root)" on the web server at 'http://webserver1/test_ids.html' and then use curl to download it.

St0rm
This is indeed helpful, but it seems like this is more for an outgoing proxy (such as squid), and not a reverse proxy. I have made my question more clear regarding this. – Orphans Jul 08 '21 at 11:52
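The procedure from the answer, staging the benign "uid=0(root)" page on the backend, fetching it through the proxy with curl, and then confirming the alert in Suricata's fast.log, as an added shell example that is not part of the original answer. The web root /var/www/html, the hostname "reverseproxy", the client IP 192.0.2.10 and the fast.log line are assumptions or constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the backend web
# root /var/www/html, the proxy hostname "reverseproxy", and the constructed
# fast.log line below; adjust them to your environment.

# Harmless body that the "id check returned root" style rules match on.
TEST_CONTENT='uid=0(root) gid=0(root) groups=0(root)'

# Stage the trigger page on the backend web server and echo what was written.
make_test_page() {
    webroot=${1:-/var/www/html}
    printf '%s\n' "$TEST_CONTENT" > "$webroot/test_ids.html"
    cat "$webroot/test_ids.html"
}

# Fetch the page through the reverse proxy and print the HTTP status code.
# Use the plain-HTTP leg: Suricata cannot match content inside TLS it does
# not terminate, so a request over https:// will not raise the alert.
fetch_via_proxy() {
    curl -s -o /dev/null -w '%{http_code}' "${1:-http://reverseproxy}/test_ids.html"
}

# Constructed fast.log line (sid, rule message and timestamp are placeholders).
# The rule fires on the response body, so the flow is backend -> client.
SAMPLE_FAST_LOG='07/08/2021-11:52:00.000000  [**] [1:9999999:1] EXAMPLE id check returned root [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.0.2.10:51234'

# Succeed (exit 0) when the given log text holds an "Attempted Information
# Leak" alert whose destination is the client IP that ran curl.
alert_seen() {
    log_text=$1
    client_ip=$2
    printf '%s\n' "$log_text" \
        | grep -F 'Attempted Information Leak' \
        | grep -qF -- "-> $client_ip:"
}

# Typical run, on the host where Suricata writes fast.log:
#   make_test_page /var/www/html
#   fetch_via_proxy http://reverseproxy        # expect 200
#   alert_seen "$(cat /var/log/suricata/fast.log)" 192.0.2.10 && echo alert raised
```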