Need help with snort rules

[Sabawoon Mageedzada <sabawoon.majeedzada () gmail com>]

Hello everyone,

I have the following rules.

alert tcp any any -> any 80  (msg:"HTTP GET PACKET with
parameter";content:"/current_time_in_AF.aspx?city=" ;pcre:"/^[a-zA-Z]+$/ "
;flow:to_server,established;http_method;sid:990992;)

Or this one.
alert tcp any any -> any 80 (msg:"HTTP GET paramater"; content:"GET";
content:"/city.php?id=" pcre:"/city.php
?id=[0-9]{1,10}/iU";​http_method;flow:to_server,established;​sid:20000011;)

When visiting these websites; Random Example websites.

http://dateandtime.info/city.php?id=1138958​

website for rule 1
http://www.worldtimeserver.com/current_time_in_AF.aspx?city=Kabul

I do not see any alerts generated or shown on screen.
To generate alerts if specific attribute is used with a HTTP GET request.
Say for example, I should get alerts if a get http attribute has gets a
value. For example, I should get an alert if the date attribute is used in
here. http:/www.example.com/index.php?date=something


Thanks,
SF

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!