RE: Snort 2.1.0 - Shutting up http_inspect on non web servers

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: snort-users-admin () lists sourceforge net 
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
> James Nonya
> Sent: Wednesday, January 14, 2004 8:16 AM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort 2.1.0 - Shutting up 
> http_inspect on non web servers
>
> Hehe...here's from a previous post:
>
> preprocessor http_inspect_server: server default \
>     ports { 80 8080 } \
>     flow_depth 300 \
>     ascii no \
>     utf_8 no \
>     bare_byte no \
>     base36 no \
>     iis_unicode no \
>     double_decode no \
>     non_rfc_char { 0x00 } \
>     multi_slash no \
>     iis_backslash no \
>     directory no \
>     apache_whitespace no \
>     iis_delimiter no \
>     chunk_length 64000 \
>     non_strict
This should have been sufficient, with one exception.  It does not "shut
up" non_rfc_chars.  Anyone know how to do that?

preprocessor http_inspect_server: server default \
     ports { 80 8080 } \
     flow_depth 300 \
     no_alerts
 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users