Snort mailing list archives
Re: http_* keywords
From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Wed, 25 Aug 2010 17:45:04 -0400
There is no configuration option to turn off the HTTP request URI extraction and detection in HTTP. By default all the http buffers are extracted by snort (except cookie buffer). The option inspect_uri_only should however turn off all other http keywords. It seems to be broken and will be fixed in the next release. Thanks -B On Thu, Aug 19, 2010 at 6:37 PM, Eoin Miller < eoin.miller () trojanedbinaries com> wrote:
So if a rule has an http_* keyword (http_uri, http_client_body, http_method) but the snort configuration does not allow the use of it because it is missing in the http_inspect configuration section, why does the rule choose to match and fire for that content that is using that keyword modifier? -- Eoin ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_* keywords Eoin Miller (Aug 19)
- Re: http_* keywords Bhagya Bantwal (Aug 25)