Snort mailing list archives
Re: Question: Snort-Alerts do not fire when traffic goesthru proxy
From: Victor Roemer <viroemer () cisco com>
Date: Fri, 27 Mar 2015 14:29:35 -0400
Claus,Is your proxy injecting additional headers into the HTTP traffic? (usual suspect). Try bumping the "server_flow_depth" and "client_flow_depth" values in your Snort configuration.
On 03/23/15 10:07, Claus Regelmann wrote:
Message was discarded by filter '\Custom\Strong\PHP' on line 2 Envelope (RCP file content): Message-ID: B0439260505 () spam1 mmcdmz mehealth org Return-path: snort-users-bounces () lists sourceforge net Received-From-MTA: lists.sourceforge.net (unverified [216.34.181.88]) Arrival-Date: 1426729877 (Wed, 18 Mar 2015 21:51:17 -0400) Origin-IP: 216.34.181.88 X-Modus-WasEncrypted: YES X-Modus-BlackList: 216.34.181.88=OK;snort-users-bounces () lists sourceforge net=OK X-Modus-RBL: 216.34.181.88=OK X-Modus-Trusted: 216.34.181.88=NO X-Modus-Audit: TRUE;5;-28051960418533861;130716210777740000 X-CustID: 687 X-Modus-BuildNumber: 214.18364 DomainKey-Status: 0 Resolved-Return-path: snort-users-bounces () lists sourceforge net X-Modus-BATV: OFF X-Modus-SRSRBL: OK X-Sender-Origin: EXTERNAL Recipient: brownr () mmc org Original-Address: brownr () mmc org Dsn-Original-Recipient: rfc822;brownr () mmc org Local-Status: Incoming ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question: Snort-Alerts do not fire when traffic goesthru proxy Claus Regelmann (Mar 23)
- Re: Question: Snort-Alerts do not fire when traffic goesthru proxy Victor Roemer (Mar 27)