Snort mailing list archives

Snort cannot detect HTTP OPTIONS payload


From: Maxim <hittlle () 163 com>
Date: Thu, 3 Nov 2016 14:28:45 +0800 (CST)

Hi all,
Does anyone know how to match HTTP OPTIONS payload? It seems that Snort doesn't support the detection of HTTP OPTIONS
payload. I wrote the following rule
    alert tcp any any -> any any (content:"OPTIONS";nocase;http_method; pcre:"/A{10,}/iP"; sid:10000001;rev:1;classtype:web-application-attack;msg:"CVE-2010-0361";)
and I used curl to send such a request
    curl -X OPTIONS -O '192.168.2.112' --data "AAAAAAAAAAAAAAAAAAAAAA"
Snort didn't trigger any alerts. Then I changed the rule to detect HTTP POST, and put it this way
    alert tcp any any -> any any (content:"POST";nocase;http_method; pcre:"/A{10,}/iP"; sid:10000001;rev:1;classtype:web-application-attack;msg:"CVE-2010-0361";)
and used curl to send a POST request
    curl -X POST -O '192.168.2.112' --data "AAAAAAAAAAAAAAAAAAAAAA"
This time, Snort triggered an alert, which is very strange. Am I missing anything?
Many thanks.
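Added example (Python, not Snort code and not written by the poster): a small emulation of what the rule above actually tests. The method check in a Snort 2 rule with http_method runs against the request line only, and a pcre with the P modifier (http_client_body) runs against the client body only, so the same bytes in the URI or headers do not count. The script builds two constructed requests approximating what the two curl commands put on the wire (hand-written, not captured traffic), parses them, and applies the pattern to the body. It also shows a detail worth checking in any rule: a PCRE quantifier written as {10, } with a space inside is not a quantifier at all and is matched as the literal text "{10, }", so the rule needs {10,}. The functions build_request, parse_request and rule_matches are this example's own; it does not reproduce http_inspect's decision about which request methods get their bodies extracted, so it cannot by itself explain why Snort stayed silent on OPTIONS.

```python
import re


def build_request(method: bytes, path: bytes = b"/", body: bytes = b"") -> bytes:
    """Build a minimal HTTP/1.1 request with a correct Content-Length.

    Constructed sample traffic approximating `curl -X <METHOD> ... --data`;
    the Host and User-Agent values are illustrative, not captured.
    """
    head = (
        b"%s %s HTTP/1.1\r\n"
        b"Host: 192.168.2.112\r\n"
        b"User-Agent: curl/7.47.0\r\n"
        b"Accept: */*\r\n" % (method, path)
    )
    if body:
        head += b"Content-Length: %d\r\n" % len(body)
        head += b"Content-Type: application/x-www-form-urlencoded\r\n"
    return head + b"\r\n" + body


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, headers, body).

    The body is truncated to the declared Content-Length, the way an
    inspector that honours the header would see it; no Content-Length
    means no body, so bytes after the blank line are ignored.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    try:
        length = int(headers.get(b"content-length", b"0"))
    except ValueError:
        length = 0
    return method, headers, rest[:length]


def rule_matches(raw: bytes, method: bytes, body_pcre: bytes) -> bool:
    """Emulate: content:"<method>"; nocase; http_method; pcre:"/<body_pcre>/iP"

    The method test is scoped to the request line and the PCRE is scoped
    to the client body; nothing else in the request is examined.
    """
    req_method, _, body = parse_request(raw)
    if req_method.upper() != method.upper():
        return False
    return re.search(body_pcre, body, re.IGNORECASE) is not None


if __name__ == "__main__":
    payload = b"A" * 22
    cases = [
        (b"OPTIONS", build_request(b"OPTIONS", body=payload)),
        (b"POST", build_request(b"POST", body=payload)),
        (b"GET", build_request(b"GET", path=b"/" + payload)),  # A's in the URI, empty body
    ]
    # The spaced quantifier is a literal string; the unspaced one repeats 'A'.
    for pattern in (rb"A{10, }", rb"A{10,}"):
        for method, raw in cases:
            print(f"{pattern!r:14} {method.decode():8} -> {rule_matches(raw, method, pattern)}")
```

Running it prints one line per method and pattern: with the spaced pattern nothing matches, with the corrected pattern OPTIONS and POST match and GET does not, because the body is empty and the A's sit in the URI where a P-scoped pcre never looks.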
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
