[Snort-devel] preprocessor http_inspect

Passreality passreality at ...398...
Fri Nov 19 10:49:07 EST 2004

I have been testing different setups to get rid of the
waste amount of alerts in my system. Not sure if im
missing something or if the http_inspect is "missing"
a feature.
The Feature im looking for is the ability to only
check ips that are defined in the HOME_NET range. This
way i will not get all alerts concerning webserver
that are not located on my net.

I see two diffrent ways to solve it.
1. Is to have the "preprocessor http_inspect: global"
take one more parameter "only_home_net"
2. Let the IP parameter to "http_inspect_server:
server [IP]" take a range value.


Do you Yahoo!? 
Check out the new Yahoo! Front Page. 

More information about the Snort-devel mailing list