Enabling all ports on 'http_inspect_server'

[Junaid Bohio via Snort-users <snort-users () lists snort org>]

Hi,

I am wondering if Snort allows to enable all ports
under 'http_inspect_server' server? In case of normal HTTP traffic, listing
few standard ports is sufficient, but in case of malware traffic the remote
control server can be listening on any port. If a non-standard port is not
listed under that config then HTTP modifiers like 'http_uri',
'http_header', etc. don't work. I have done various tests and it doesn't
seem to be accepting port range or all ports (most likely for performance
reasons) but i just want to verify it here.

Thank you!

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette