mirror of https://github.com/OISF/suricata
doc: add bypass keyword documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
pull/3541/head
parent 961931e73a
commit fc54d750dd
@ -0,0 +1,19 @@
|
||||
Bypass Keyword
|
||||
==============
|
||||
|
||||
Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation.
|
||||
|
||||
The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, Youtube).
|
||||
|
||||
The ``bypass`` keyword is considered a post-match keyword.
|
||||
|
||||
|
||||
bypass
|
||||
--------
|
||||
|
||||
Bypass a flow on matching http traffic.
|
||||
|
||||
Example::
|
||||
|
||||
alert http any any -> any any (content:"suricata-ids.org"; \
|
||||
http_host; bypass; sid:10001; rev:1;)
|
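Review bot: The example rule at the end of the hunk gates bypass on a substring match against the client-supplied Host header (content:"suricata-ids.org"; http_host; bypass;) with any any -> any any, and the text above it never says what "further evaluation" covers or for how long. Please add a sentence stating that once the rule matches, the rest of that flow is no longer inspected, plus a caution to scope bypass rules tightly (specific networks or ports, a match that cannot be satisfied by a longer hostname containing the string), since anything that satisfies the match stops being evaluated. Two smaller points: "post-match keyword" is used without an explanation or a cross-reference, and the "--------" underline is longer than the "bypass" title, while the "Bypass Keyword" heading uses an underline of matching length.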