deny all but permitted URI using IDS/IPS

[Shashank Rai <shashrai () emirates net ae>]

Hi all,

I am interested in a IDS/IPS system with the following functionality
(required to protect a website):

I should be able to define a list of permitted URI for a particular IP
or host and deny/drop (or generate an alert) for any other HTTP request
to that destination. As this system will sit in a network segment which
will get HTTP requests for other websites too, the system should not
only be capable of reading the HTTP request but also analyse that if it
is for a particular destination IP, then it should react.Though the site
is not static, the URI in the GET/POST request are not changing. 

Is this possible using any free/ GPLed/ commercial product to implement
this functionality? Realsecure / ManHunt/ Intruder Alert/snort/Cisco
NIDS/ (squid+iptables) ... anything that will help??? What will be the
impact on the performance of the web-site (it is a heavily used site!!)
with the introduction of this "additional" :) security setup.

thnx 

-- 
Shashank Rai <shashrai () emirates net ae>


------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
 
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - 
including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. 
 
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids