[Bro] Use ACTION_DROP to Limit HTTP/FTP Access?

[Huiping Song]

We are thinking about limiting HTTP/FTP access by using the "base/frameworks/notice/actions/drop.bro" script:   only allow HTTP file upload and FTP put/mput commands from specified IP addresses.

Is it possible to accomplish this by simply modifying http/ftp scripts from the Bro script packages?  Does anyone have sample scripts for using ACTION_DROP for HTTP or FTP traffic?  I couldn't find out any usages of ACTION_DROP in the installed bro scripts.

Thank you,
Huiping

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120806/bd0f7ba3/attachment.html