[Snort-devel] Problems with HTTP Inspect in Versions 2.6 - 2.612

Steven Sturges steve.sturges at ...402...
Wed Jan 24 12:04:59 EST 2007


Hi Brent--

You need to specify a default server config in addition to the specific
ones, so that if there is HTTP traffic going to a web-server other than
the specific ones, Http Inspect knows how to treat it.

This was a change made in 2.6 -- to require a default server config.

Your default config doesn't have to do anything special -- you can use
the one in the shipping snort.conf:

preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500

Cheers.
-steve

Erickson Brent W KPWA wrote:
> Hello all,
> 
> We have been using Snort since version 1.6
> 
> We were one of the sites that helped initially test the first release of the
> HTTP Inspection PreProcessor with Dan Roelker.
> 
> Since version 2.4 and 2.45 or even before, we ran with the default server
> config commented out and just used the global config and the server config
> specific to our own HTTP servers.
> 
> Since version 2.6, Snort will exit upon start up and say that the default
> server config is not active.
> 
> I've looked through the 2.6.1 manual and the HTTP Inspect readme and I
> cannot find a solution.
> 
> I appreciate your help.
> 
> Brent Erickson
> 
> 
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 





More information about the Snort-devel mailing list