[Snort-users] Alerts of "(http\_inspect) NON-RFC DEFINED CHAR"

Gabriel Assis Amancio gamancio at ...11324...
Fri Feb 27 04:24:01 EST 2004


	Hi! 

	I have just installed Snort 2.1 on RedHat 7.3 ... 
	I was receiving a lot of alerts like this:
		(http\_inspect) NON-RFC DEFINED CHAR
		(http\_inspect) NON-RFC HTTP DELIMITER 
		(http\_inspect) APACHE WHITESPACE (TAB) 
		(http\_inspect) NON-RFCF DEFINED CHAR 
		(http\_inspect) OVERSIZE CHUNK ENCODING 

	when my configuration was there:
		
		preprocessor http_inspect: global \
		    iis_unicode_map unicode.map 1252

		preprocessor http_inspect_server: server default \
		    profile all \
		    ports { 80 8080 }


	After this, I change my configuration for this:

		
		preprocessor http_inspect: global \
		    iis_unicode_map unicode.map 1252

		preprocessor http_inspect_server: server default \
		    profile all \
		    ports { 80 3128 8080 } \
		    no_alerts

	And now, I only receive "(http\_inspect) NON-RFC DEFINED CHAR" alerts ..
	How I do to not receive this alerts ?!??
		
		

	regards, 


Gabriel 




More information about the Snort-users mailing list