Chaged http/detect to http/detect-sqli.

- It was only detecting SQL injections anyway, so it seems
  to make sense.

policy/http/detect-sqli.bro

@@ -1,24 +1,25 @@
-## Behavioral and scripted detections in HTTP.
+##! SQL injection detection in HTTP.
+
 @load http/base
 @load notice
 
 module HTTP;
 
 redef enum Notice::Type += {
-	HTTP_SQL_Injection_Request,
+	SQL_Injection_Attack,
 };
 
-export {
 redef enum Tags += {
 	## Indicator of a URI based SQL injection attack.
 	URI_SQLI,
 	## Indicator of client body based SQL injection attack.  This is 
-		## typically the body content of a POST request.
+	## typically the body content of a POST request. Not implemented yet!
 	POST_SQLI,
-		## Indicator of a cookie based SQL injection attack.
+	## Indicator of a cookie based SQL injection attack. Not implemented yet!
 	COOKIE_SQLI,
 };
 
+export {
 	## This regular expression is used to match URI based SQL injections
 	const match_sql_injection_uri = 
 		/[\?&][^[:blank:]\|]+?=[\-0-9%]+([[:blank:]]|\/\*.*?\*\/)*['"]?([[:blank:]]|\/\*.*?\*\/|\)?;)+([hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[iI][nN][sS][eE][rR][tT])[^a-zA-Z&]/
@@ -29,7 +30,7 @@ export {
 }
 
 event http_request(c: connection, method: string, original_URI: string,
-                   unescaped_URI: string, version: string) &priority=2
+                   unescaped_URI: string, version: string) &priority=3
 	{
 	if ( match_sql_injection_uri in unescaped_URI )
 		add c$http$tags[URI_SQLI];