alert http $HTTP_SERVERS any -> $EXTERNAL_NET 1024: (msg:"ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source)"; flow:from_server,established; threshold:type threshold,track by_src,count 10,seconds 60; http.stat_code; content:"401"; http.stat_msg; content:"Unauthorized"; nocase; file.data; content:"<script"; nocase; depth:280; fast_pattern; classtype:web-application-attack; sid:2010513; rev:8; metadata:created_at 2010_07_30, confidence Medium, signature_severity Minor, updated_at 2020_11_02;)