Snort mailing list archives

Re: http_header usage


From: Cagri Ersen <cagri.ersen () gmail com>
Date: Tue, 22 Apr 2014 17:44:04 +0300

On Tue, Apr 22, 2014 at 4:18 PM, lists () packetmail net <lists () packetmail net> wrote:


> I'm pretty sure that based on those configuration directives with values
> being set to zero you've effectively disabled the http_* buffers.



I've tried that with non-zero values too, but there is no progress. I
think I just figured out the problem. It seems it's related to VMware.
This setup is running on a VMware Fusion instance and http_keywords don't
work at all, but if I run the same setup with the same conf on a physical
server then it works! (I can capture the traffic on the VM guest by using
tcpdump or Wireshark without any problem, so it shouldn't be an issue with
"sniffing".)

I've tried it on VMware Fusion and ESX 5.0 hosts and both of them have the
same problem with http_* keywords.


-- 
Cagri Ersen
http://www.syslogs.org
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

