RE: [Snort-users] http_inspect config options?
This is a discussion on RE: [Snort-users] http_inspect config options? within the Snort forums, part of the System Security and Security Related category; You might want to try editing the line? preprocessor http_inspect_server: server 10.1.0.3 profile iis ports { 80 8080 ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-26-2005
|
|||
|
|||
RE: [Snort-users] http_inspect config options?
You might want to try editing the line?
preprocessor http_inspect_server: server 10.1.0.3 profile iis ports { 80 8080 8180 } oversize_dir_length 500 double_decode no Kindest regards, Michael... WINSNORT.com Management Team Member -- Pick up your FREE Windows or UNIX Snort installation guides mailto:support@winsnort.com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net [mailto:snort-users- > admin@lists.sourceforge.net] On Behalf Of Rich Adamson > Sent: Saturday, February 26, 2005 4:56 AM > To: Snort Users Postings > Subject: [Snort-users] http_inspect config options? > > > I'm trying to tune the http_inspect preprocessor on a v2.3rc2 win32 > system using an entry like: > > preprocessor http_inspect_server: server 10.1.0.3 \ > profile iis ports { 80 8080 8180 } oversize_dir_length 500 \ > double_decode no > > After making the change to include the "double_decode no" statement, > snort fails to start complain about that statement. Commenting it > out allows snort to start correctly. > > The doc\README.http_inspect file suggests this is a valid option, > but I can't seem to find a syntax that actually is accepted. The > sample in the etc\snort.conf suggests I'm using the correct syntax > but obviously something is amiss. > > Thoughts anyone? > > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
