Snort mailing list archives
Re: Snort 2.1.0 - Shutting up http_inspect on non web servers
From: James Nonya <slave_tothe_box () yahoo com>
Date: Wed, 14 Jan 2004 06:16:00 -0800 (PST)
On Tue, 13 Jan 2004 12:31:03 -0800 (PST) "James Nonya" <slave_tothe_box () yahoo com> wrote:
Any way to do this people? I've just
upgraded....and
got some server profiles going with http_inspect_server, but I'm getting BOATLOADS of other http traffic in there as well. Help!!! __________________________________
Hehe...here's from a previous post: preprocessor http_inspect_server: server default \ ports { 80 8080 } \ flow_depth 300 \ ascii no \ utf_8 no \ bare_byte no \ base36 no \ iis_unicode no \ double_decode no \ non_rfc_char { 0x00 } \ multi_slash no \ iis_backslash no \ directory no \ apache_whitespace no \ iis_delimiter no \ chunk_length 64000 \ non_strict Then adding my real servers has nicely shut up http_inspect for our client workstations. I'm surprised that there is no option to simple say: http_inspect_server: server $HTTP_SERVERS that will only inspect servers, not clients accessing outside servers. James __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.1.0 - Shutting up http_inspect on non web servers James Nonya (Jan 13)
- <Possible follow-ups>
- Re: Snort 2.1.0 - Shutting up http_inspect on non web servers James Nonya (Jan 14)
- RE: Snort 2.1.0 - Shutting up http_inspect on non web servers Schmehl, Paul L (Jan 14)
- Re: Snort 2.1.0 - Shutting up http_inspect on non web servers James Nonya (Jan 14)
- Re: Snort 2.1.0 - Shutting up http_inspect on non web servers Owen McCusker (Jan 14)
- RE: Snort 2.1.0 - Shutting up http_inspect on non web servers Schmehl, Paul L (Jan 14)
- Re: Snort 2.1.0 - Shutting up http_inspect on non web servers James Nonya (Jan 14)