Snort mailing list archives

alert refused to pass


From: Jasmine CHUA <Jasmine.Chua () internationalsos com>
Date: Fri, 27 Feb 2004 17:41:49 +0800

Hi all

I have a problem here and hope someone can help me see some light. I have a
pass rule that goes:

pass tcp $INTRA_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC /doc/ access"; flow:to_server,established; uricontent:"/doc/"; nocase; reference:cve,CVE-1999-0678; reference:bugtraq,318; classtype:web-application-activity; sid:1000026; rev:1;)

However, I am still seeing traffic and the rule does not work.

My snort.conf:

var INTRA_NET [x.x.x.x/x]

var HTTP_SERVERS [y.y.y.y/y]


And, I did include a "-o" when running snort.

What am I missing here? :(

Jas 

