Snort mailing list archives
Re: http_inspect config options?
From: Jeremy Hewlett <jh () sourcefire com>
Date: Mon, 28 Feb 2005 11:44:11 -0500
Hi Rich, *wave* On Sun, Feb 27, Rich Adamson wrote:
Okay, tried that, and regardless of how I format the line, snort responds with: ERROR: E:\snort-v2-3\etc\snort.conf(306) => Invalid token while configuring the profile token. The only allowed tokens when configuring profiles are: 'ports', 'iis_unicode_map', 'allow_proxy_use', 'flow_depth', 'no_alerts', 'oversize_dir_l ength', and 'inspect_uri_only'. Fatal Error, Quitting..
Both Global and Profile configuration directives have a limited set of overrides. If you want to change a profile (read: IIS, Apache), you should replace your IIS/Apache/All profile with a Server configuration and include the options you want: preprocessor http_inspect_server: server 1.1.1.1 \ ports { 80 3128 8080 } \ flow_depth 0 \ ascii no \ double_decode no \ non_rfc_char { 0x00 } \ chunk_length 500000 Remember when specifying "yes" or "no" that all you're modifying is whether or not to *alert* on that type of encoding. Including it in the configuration will automatically enable that type of scrubbing. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_inspect config options? Rich Adamson (Feb 26)
- RE: http_inspect config options? Michael Steele (Feb 26)
- RE: http_inspect config options? Rich Adamson (Feb 27)
- Re: http_inspect config options? Jeremy Hewlett (Feb 28)
- RE: http_inspect config options? Rich Adamson (Mar 06)
- RE: http_inspect config options? Rich Adamson (Feb 27)
- RE: http_inspect config options? Michael Steele (Feb 26)