[Snort-users] upgrade from snort 2.0.1 -> 2.1.2: guardian blocks common http access

Walter Joman eiskalt007 at ...125...
Wed Apr 7 17:27:02 EDT 2004


hi all,

i've upgraded snort from 2.0.1 to 2.1.2, now guardian blocks lots of 
common/normal http-requests. mostly (sh)it happens when posting request in 
phpmyadmin or horde-frameset, but even on normal "website-surfin'"

the most common ouputs of snort/guardian are:

(http_inspect) OVERSIZE REQUEST-URI DIRECTORY

and

(http_inspect) BARE BYTE UNICODE ENCODING

and

(http_inspect) APACHE WHITESPACE (TAB)

and finaly

(http_inspect) NON-RFC HTTP DELIMITER

should I disable these rules? why does this happen?

thank you all for ur participation.

andreas

_________________________________________________________________
MSN Messenger - sehen, welche Freunde online sind! 
http://www.msn.de/messenger Jetzt kostenlos downloaden und mitmachen!





More information about the Snort-users mailing list