Versions (6)
Version Details (Current)
Rev: 5 • Jul 24, 2025, 5:44 PM
ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning
alert http any any -> any any (msg:"ATTACK [PTsecurity] Mismatch URI and Host header. Possible Squid cache poisoning"; content:"GET"; http_method; content:"://"; fast_pattern; distance:0; http_raw_uri; pcre:"/^\w+\s+\w+:\/\/\S+\s+.*?[\r\n].*?Host:[ \t]+[\w\.:]+\b/is"; pcre:! "/^\w+\s+\w+:\/\/([^\/\s:#]+)[\/\s:#]\S*.+?Host:[ \t]*\1\S*\b/is"; reference:url, bugs.squid-cache.org/show_bug.cgi?id=4501; reference:cve, 2016-4554; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10000035; rev:5;)
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules