There are two options for handling of requests that match a SNORT rule: Drop Connection or Send Reject. Both options prevent the request from reaching the Real Server(s); this option configures the response returned to the client sending the malicious request.

Drop Connection Intrusion Handling

A rule match will generate no HTTP response. The TCP connection will terminate - no HTML content will be delivered to the client.

Send Reject Intrusion Handling

Once a rule is matched the response to the client will be set to HTTP 400 “Invalid Request” and the corresponding exploit note will be delivered to the client in a HTML document.

Sample Request: http://<VIP>/modules/articles/index.php?cat_id=SQL

Sample Response: <html><head><title>400 Invalid Request</title></head><body>Invalid Request: COMMUNITY WEB-PHP Xoops module Articles SQL Injection Exploit</body>