[Snort-users] snort http_inspect
jh at ...1935...
Tue May 11 11:25:08 EDT 2004
On Tue, May 11, nyarlathothep at ...2470... wrote:
> Hello everyone,
> I have a question about the use of the Snorts preprocessors:
> I've installed Snort on a Linux box and I've tried from outside to do a APACHE
> CHUNKED ENCODE (Bugtraq ID: 5033, CVE:).
> Snort records in the database only the http_inspect data, so : (http_inspect)
> OVERSIZE CHUNK ENCODING
> but it dsnt activate the rules, one of those I think:
This sounds like you've stumbled on a known issue. What version are
you using? Snort 2.1.2+ has this fix.
More information about the Snort-users