inliniac/tls-sni.lua

## tls-sni.lua
function init (args)
    local needs = {}
    needs["tls"] = tostring(true)
    return needs
end

function match(args)
    sni = TlsGetSNI();
    if sni == nil then
        return 0
    end
    str = string.format("SNI %s", sni);
    SCLogInfo(str);
    if sni == "www.google.com" then
        return 1
    end
    return 0
end

## tls-sni.rules
alert tls any any -> any any (flow:to_server; lua:tls-sni.lua; sid:1;)
reject tls any any -> any any (flow:to_server; lua:tls-sni.lua; sid:2;)
	function init (args)
	local needs = {}
	needs["tls"] = tostring(true)
	return needs
	end

	function match(args)
	sni = TlsGetSNI();
	if sni == nil then
	return 0
	end
	str = string.format("SNI %s", sni);
	SCLogInfo(str);
	if sni == "www.google.com" then
	return 1
	end
	return 0
	end
	alert tls any any -> any any (flow:to_server; lua:tls-sni.lua; sid:1;)
	reject tls any any -> any any (flow:to_server; lua:tls-sni.lua; sid:2;)