I have been trying to find a way to block Content-Disposition using the following.
using a custom signature:
rule tcp,dest=(80),msg="PHP Download Block ",content="Content-Disposition"
When I run a php file
example: blahblah.com/some php file.php
The php file uses Content-Disposition to download an exe to the computer.
sample code:
Content-Disposition: attachment; filename="somefile.exe";
I would like to key off on the "Content-Disposition" and block the file but the only this that its blocking is if I google search for the word
Content-Disposition.
Thanks for the help on this.