Snort mailing list archives
Re: HTTP_INSPECT
From: Jeremy Hewlett <jh () sourcefire com>
Date: Fri, 17 Dec 2004 14:46:05 -0500
On Fri, Dec 17, Lucia Di Occhi wrote:
Is there a way to tell HTTP_INSPECT to alert only on ANY->MYSERVERS like any other good rule? I am getting alerts on connections generating from my network toward ANY and I'd like to only get alerts generating from ANY to MYSERVERS.
Set your 'default' profile to no_alerts, then set up unique 'server' profiles for your servers with what you want. You can't currently use /CIDR with server profiles, that feature is coming Real Soon Now (tm). ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Best detection of Worm Bristol, Gary L. (Dec 16)
- Re: Best detection of Worm Nick Hatch (Dec 16)
- HTTP_INSPECT Lucia Di Occhi (Dec 17)
- Re: HTTP_INSPECT Jeremy Hewlett (Dec 17)
- Message not available
- Re: HTTP_INSPECT Jeremy Hewlett (Dec 17)
- HTTP_INSPECT Lucia Di Occhi (Dec 17)
- Re: Best detection of Worm Nick Hatch (Dec 16)