Snort mailing list archives

Re: http_header not working


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 26 Sep 2014 15:39:16 +0000

Did you compile with --enable-sourcefire?


On Sep 26, 2014, at 11:37 AM, NIDS TEAM <nidsteam () gmail com> wrote:

Thanks Joel. Halfway there. It solved the issue on some of the test setups (Virtual boxes) where I scanned the pcaps.

I tried the same on the physical appliance and realised that the original problem that I tried to debug has to be a different one. The same request as above www.google.com/mail does not trigger any alert as soon as the http_* flags are used (not depending on the directions). Is there anything that could be missing? Compile flags? Configuration?

The http_inspect configuration is identical on the VMs and the physical box.
