Snort mailing list archives
RE: disable http_inspect for external www servers
From: "M Shirk" <shirkdog_linux () hotmail com>
Date: Wed, 29 Sep 2004 07:46:26 -0400
Leads to a good question for the list.My first reaction is to make an explicit rule with a SPECIAL_NET variable to alert on, but then create a pass rule for anything other then the SPECIAL_NET group.
However, is this the best approach? (Question to list) Shirkdog
From: "Tim Bernhardson" <TBERNHAR () SunMaid com> To: <snort-users () lists sourceforge net> Subject: [Snort-users] disable http_inspect for external www servers Date: Mon, 27 Sep 2004 16:46:50 -0700 Running Snort 2.2.0, have http_inspect enableed but 98+% of alerts are for Traffic between Squid and External WWW Servers. Is there any way to telll http_inspect to only inspect servers on a specific subnet (I.E. 192.168.0.0/255.255.0.0)? or to ignore all traffic from a specific IP Address? I have read through the doucmentation and browsed the web and have not had any luck finding an answer. Thanks Tim Bernhardson Senior Technical Engineer Certified Citrix Metaframe Administrator Certified CyberGuard Administrator Certified AIX 4.3 System Administrator Sun-Maid Growers of California 7273 Murray Drive, Ste 18 Stockton, CA 95210 tbernhar at sunmaid dot com ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- disable http_inspect for external www servers Tim Bernhardson (Sep 27)
- Re: disable http_inspect for external www servers Jason (Sep 27)
- <Possible follow-ups>
- RE: disable http_inspect for external www servers M Shirk (Sep 29)
- Re: disable http_inspect for external www servers Jeremy Hewlett (Sep 30)