If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: docs.snort.org/rules/options - Rule Options - Snort 3 Rule Wr.

site address: docs.snort.org/rules/options/index.html redirected to: docs.snort.org/rules/options

site title: Rule Options - Snort 3 Rule Writing Guide

Our opinion (on Friday 17 July 2026 1:23:48 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=;

Headings (most frequently used words):

rule, snort, writing, guide, options,

Text of the page (most frequently used words):
options (29), rule (24), and (19), specific (16), snort (12), #option (7), are (6), the (6), payload (6), rules (6), all (5), criteria (5), detection (5), that (4), content (4), set (4), its (4), writing (4), require (3), example (3), have (3), service (3), http_uri (3), given (3), non (3), general (3), each (3), with (3), guide (3), some (2), reference (2), not (2), quotes (2), http (2), buffer (2), for (2), but (2), structure (2), actions (2), packet (2), after (2), has (2), post (2), arguments (2), they (2), character (2), should (2), file (2), basics (2), using (2), specifying, sub, url, www, com, this, modifier, tells, look, subsequent, matches, only, match, well, others, double, web_form, php, these, discussed, great, detail, later, manual, here, few, their, take, fired, provide, additional, context, there, four, major, categories, important, note, multiple, separated, commas, own, critera, follow, same, first, enclosed, parentheses, header, then, declared, name, followed, optionally, any, lastly, terminated, heart, soul, determine, passed, along, destination, instead, stopped, tracks, dark, light, snortml, hexdump, lua, shared, object, miscellaneous, information, tag, replace, detection_filter, stream_size, stream_reassemble, rpc, icmp_seq, icmp_id, icode, itype, window, ack, seq, file_type, flowbits, flow, flags, ip_proto, fragbits, ipopts, tos, ttl, fragoffset, s7commplus, modbus, mms, iec, 104, cip, dnp3, gtp, md5, sha256, sha512, cvs, sd_pattern, sip, dce, ssl_state, ssl_version, ber_data, ber_skip, byte_jump, byte_math, byte_test, byte_extract, base64_decode, base64_data, vba_data, js_data, file_data, raw_data, pkt_data, regex, pcre, dsize, isdataat, bufferlen, combining, request, response, http_trailer_test, http_header_test, http_num_cookies, http_num_trailers, http_num_headers, http_max_trailer_line, http_max_header_line, http_version_match, http_true_ip, http_trailer, http_raw_trailer, http_raw_request, http_raw_status, http_stat_msg, http_stat_code, http_version, http_method, http_param, http_client_body, http_raw_body, http_cookie, http_raw_cookie, http_header, http_raw_header, http_raw_uri, offset, depth, distance, within, width, endian, nocase, fast_pattern, file_meta, rem, metadata, priority, classtype, rev, sid, gid, msg, syntax, key, identification, new, types, direction, operators, port, numbers, addresses, protocols, headers, alert, logging, trace, modules, tweaks, scripts, wizard, binder, configuration, reading, traffic, command, line, installing, getting, started, introduction,


Text of the page (random words):
rule options snort 3 rule writing guide snort 3 rule writing guide introduction using snort 3 getting started with snort 3 installing snort using snort command line basics reading traffic configuration rules wizard and binder tweaks and scripts trace modules alert logging writing snort rules the basics rule headers rule actions protocols ip addresses port numbers direction operators new rule types service rules file rules file identification rules rule options rule option syntax key general rule options msg reference gid sid rev classtype priority metadata service rem file_meta payload detection rule options content fast_pattern nocase width and endian offset depth distance and within http specific options http_uri and http_raw_uri http_header and http_raw_header http_cookie and http_raw_cookie http_client_body and http_raw_body http_param http_method http_version http_stat_code http_stat_msg http_raw_request and http_raw_status http_trailer and http_raw_trailer http_true_ip http_version_match http_max_header_line http_max_trailer_line http_num_headers http_num_trailers http_num_cookies http_header_test http_trailer_test combining request and response detection bufferlen isdataat dsize pcre regex pkt_data raw_data file_data js_data vba_data base64_decode and base64_data byte_extract byte_test byte_math byte_jump ber_data and ber_skip ssl_state and ssl_version dce specific options sip specific options sd_pattern cvs md5 sha256 and sha512 gtp specific options dnp3 specific options cip specific options iec 104 specific options mms specific options modbus specific options s7commplus specific options non payload detection rule options fragoffset ttl tos id ipopts fragbits ip_proto flags flow flowbits file_type seq ack window itype icode icmp_id icmp_seq rpc stream_reassemble stream_size post detection rule options detection_filter replace tag miscellaneous information shared object rules hexdump lua snortml snort light snort dark snort 3 rule writing guide rule options rule options are the heart and soul of a snort rule as they determine if a given packet should be passed along to its destination or if it should instead be stopped in its tracks each rule option has its own set of option specific critera but they all follow the same general structure first all rule options are enclosed in parentheses after the rule header then each rule option is declared with its name followed optionally by a character and any option specific criteria lastly each rule option is terminated with a character it s important to note that not all options have arguments and some options have multiple arguments that are separated by commas there are four major categories of rule options general options provide additional context for a given rule payload options set payload specific criteria non payload options set non payload specific criteria post detection options set actions to take on a given packet after the rule has fired all of these are discussed in great detail later in the manual but here are a few example options and their specific structure this is an example of a buffer modifier http_uri it tells snort to look for subsequent content matches only in that buffer http_uri content match specific criteria as well as others require double quotes content web_form php not all options have criteria that require quotes service http some options require specifying a sub option reference url www example com
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)

    No Images


    Verified site has: 130 subpage(s). Do you want to verify them? Verify pages:

    1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
    51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
    101-105 106-110 111-115 116-120 121-125 126-130


    Top 50 hastags from of all verified websites.

    Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

    Header

    HTTP/1.1 301 Moved Permanently
    Date Fri, 17 Jul 2026 01:23:47 GMT
    Content-Type text/html; charset=UTF-8
    Transfer-Encoding chunked
    Connection keep-alive
    Server-Timing cfEdge;dur=8,cfOrigin;dur=0
    Location htt????/docs.snort.org/rules/options/index.html
    X-Content-Type-Options nosniff
    Vary accept-encoding
    set-cookie __cf_bm=LM8FIdrrjJZOx.heAlKV_nmyLLWzziEIeg3s1g7xXXk-1784251427.8439162-1.0.1.1-YV4jQSjGY2KhuZhn0Rim81fANiI7Hztw2mMNBL6aFYSdKHizdbes8F6GjpXc6P9bSi_YuqV.GMJUaqmtVFVvg7t.cWpKvFi_mh_rSNweGGQiNHpC6LFZLKZXNE.O9HRU; HttpOnly; Path=/; Domain=snort.org; Expires=Fri, 17 Jul 2026 01:53:47 GMT
    Server cloudflare
    CF-RAY a1c571800c76d475-CDG
    alt-svc h3= :443 ; ma=86400
    HTTP/2 308
    date Fri, 17 Jul 2026 01:23:47 GMT
    content-length 0
    x-content-type-options nosniff
    report-to group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=XES%2FYNU1JP0Wde9A7qGN3p5pkw6NUMFN0ahUM%2FPg0nGkQu%2BBjWUAsvILbn1GKUJ%2BJ894ZtakilwQYxOzPCnz3uRJGJO1zBj5k0YT8DbFw7QEi1MZuqVX7GcPaCZUlEmHLg%3D%3D ]
    location /rules/options/
    nel report_to : cf-nel , success_fraction :0.0, max_age :604800
    access-control-allow-origin *
    referrer-policy strict-origin-when-cross-origin
    server cloudflare
    cf-cache-status DYNAMIC
    strict-transport-security max-age=15552000
    set-cookie __cf_bm=pINeoUE0dQZ_rCpYOJv0kdtyP.9UtP8MslZ46.KbNNI-1784251427.8795695-1.0.1.1-dECeuMHTUeg2aLNVnapHAcoKFcgq5ZhTHAMDZyLSaXVvEo.Ahd.v0AbTU8hTkfLTPUx0MYtTNG6UVi7KT1FEZrCLNw2sXpxMioMPsXgKT0qLEokT3M8mkdv34KTA6YDj; HttpOnly; SameSite=None; Secure; Path=/; Domain=snort.org; Expires=Fri, 17 Jul 2026 01:53:47 GMT
    server-timing cfCacheStatus;desc= DYNAMIC
    server-timing cfEdge;dur=9,cfOrigin;dur=18
    cf-ray a1c571803923dd47-CDG
    alt-svc h3= :443 ; ma=86400
    HTTP/2 200
    date Fri, 17 Jul 2026 01:23:47 GMT
    content-type text/html; charset=utf-8
    strict-transport-security max-age=15552000
    report-to group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=6FNH48QAmvBTsG3zuLyQMo3na7Zolp0aIChpyGQDFjjgFisu3y9zw3TOZxGtCcRgfBN815NZ5NZ4oncaMpzX6hMtfj5jgm83jHmxSpPlltMUh%2F1FExNDoz0EiBP1dAnnUw%3D%3D ]
    nel report_to : cf-nel , success_fraction :0.0, max_age :604800
    access-control-allow-origin *
    cache-control public, max-age=0, must-revalidate
    x-content-type-options nosniff
    referrer-policy strict-origin-when-cross-origin
    server-timing cfCacheStatus;desc= DYNAMIC
    server-timing cfEdge;dur=3,cfOrigin;dur=16
    server cloudflare
    cf-cache-status DYNAMIC
    vary accept-encoding
    set-cookie __cf_bm=ZrVchfz0209MamTnUHTyZkzs848a98hQIVYT.gG_3ZA-1784251427.916294-1.0.1.1-WguMe_KfPGNmAEpNdCOlI6VpqEImc27jAImn1f_ibg15KUFSU.3q8hTwoGe9IwfbyJBUEJGqUkvIdYA2pstZ2McOZTq2sPbGTQ9q6UlvYvy88xqFPvbNr8DnFg2xcS2S; HttpOnly; SameSite=None; Secure; Path=/; Domain=snort.org; Expires=Fri, 17 Jul 2026 01:53:47 GMT
    content-encoding gzip
    cf-ray a1c571807978dd47-CDG
    alt-svc h3= :443 ; ma=86400

    Meta Tags

    title="Rule Options - Snort 3 Rule Writing Guide"
    charset="UTF-8"
    content="text/html; charset=utf-8" http-equiv="Content-Type"
    name="description" content=""
    name="viewport" content="width=device-width, initial-scale=1"
    name="theme-color" content="#ffffff"

    Load Info

    page size26719
    load time (s)0.108584
    redirect count2
    speed download49055
    server IP 104.16.91.19
    * all occurrences of the string "http://" have been changed to "htt???/"