Snort mailing list archives

RE: http_inspect config options?


From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 26 Feb 2005 08:47:57 -0800

You might want to try editing the line?

preprocessor http_inspect_server: server 10.1.0.3 profile iis ports { 80 8080 8180 } oversize_dir_length 500 double_decode no

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rich Adamson
Sent: Saturday, February 26, 2005 4:56 AM
To: Snort Users Postings
Subject: [Snort-users] http_inspect config options?


I'm trying to tune the http_inspect preprocessor on a v2.3rc2 win32
system using an entry like:

preprocessor http_inspect_server: server 10.1.0.3 \
    profile iis ports { 80 8080 8180 } oversize_dir_length 500 \
    double_decode no

After making the change to include the "double_decode no" statement,
snort fails to start, complaining about that statement. Commenting it
out allows snort to start correctly.

The doc\README.http_inspect file suggests this is a valid option,
but I can't seem to find a syntax that actually is accepted. The
sample in the etc\snort.conf suggests I'm using the correct syntax
but obviously something is amiss.

Thoughts anyone?





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






