[Snort-devel] preprocessor http_inspect
passreality at ...398...
Fri Nov 19 10:49:07 EST 2004
I have been testing different setups to get rid of the
waste amount of alerts in my system. Not sure if im
missing something or if the http_inspect is "missing"
The Feature im looking for is the ability to only
check ips that are defined in the HOME_NET range. This
way i will not get all alerts concerning webserver
that are not located on my net.
I see two diffrent ways to solve it.
1. Is to have the "preprocessor http_inspect: global"
take one more parameter "only_home_net"
2. Let the IP parameter to "http_inspect_server:
server [IP]" take a range value.
Do you Yahoo!?
Check out the new Yahoo! Front Page.
More information about the Snort-devel