Snort rules to detect malformed http scanning



I would liek to add rule to my snort database which can block scanning of malformed urls.

We are runnning our website in CGI which eventually generated mix of java script based HTml code.

Few days back we are experiencing traffic from scanners and bots which scans our website for PHP files,which we don't have.

I would like to block IP addresses of this types of scan genration.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------