Snort mailing list archives
Snort 2.8.6-beta and gzip encoding
From: luismanuel.carril () usc es
Date: Thu, 14 Jan 2010 13:52:16 +0100
Hi
I have been trying to use the new gzip feature to detect words in
the HTTP body response, but I am unable to detect anything.
I have compiled Snort with --enable-zlib and in the conf file I
have configured the http_inspect_server in this way:
    preprocessor http_inspect_server: server default \
        profile all ports {80 8080 8180} oversize_dir_length 500 \
        server_flow_depth 1460 extended_response_inspection inspect_gzip \
        compress_depth 1460 decompress_depth 20480
Has someone had success with this?
Thanks in advance
Luis M.
