http_version

Snort parses the HTTP version from request and response start/status lines and makes it accessible to rule-writers via the http_version sticky buffer. This is usually HTTP/1.0 or HTTP/1.1.

Format:

http_version;

Examples:

http_version; content:"HTTP/1.1";

http_version; content:"HTTP/1.0";