Snort mailing list archives
upgrade from snort 2.0.1 -> 2.1.2: guardian blocks common http access
From: "Walter Joman" <eiskalt007 () hotmail com>
Date: Thu, 08 Apr 2004 02:25:26 +0200
hi all,i've upgraded snort from 2.0.1 to 2.1.2, now guardian blocks lots of common/normal http-requests. mostly (sh)it happens when posting request in phpmyadmin or horde-frameset, but even on normal "website-surfin'"
the most common ouputs of snort/guardian are: (http_inspect) OVERSIZE REQUEST-URI DIRECTORY and (http_inspect) BARE BYTE UNICODE ENCODING and (http_inspect) APACHE WHITESPACE (TAB) and finaly (http_inspect) NON-RFC HTTP DELIMITER should I disable these rules? why does this happen? thank you all for ur participation. andreas _________________________________________________________________MSN Messenger - sehen, welche Freunde online sind! http://www.msn.de/messenger Jetzt kostenlos downloaden und mitmachen!
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- upgrade from snort 2.0.1 -> 2.1.2: guardian blocks common http access Walter Joman (Apr 07)