[Snort-users] disable http_inspect for external www servers
security at ...5028...
Mon Sep 27 17:56:58 EDT 2004
I do not think there is a way within http_inspect to do what you want.
You should consider using suppression to suppress all of the
http_inspect alerts for that that destination address.
Tim Bernhardson wrote:
> Running Snort 2.2.0, have http_inspect enableed but 98+% of alerts are
> for Traffic between Squid and External WWW Servers.
> Is there any way to telll http_inspect to only inspect servers on a
> specific subnet (I.E. 192.168.0.0/255.255.0.0)? or to ignore all traffic
> from a specific IP Address?
> I have read through the doucmentation and browsed the web and have not
> had any luck finding an answer.
> Tim Bernhardson
> Senior Technical Engineer
> Certified Citrix Metaframe Administrator
> Certified CyberGuard Administrator
> Certified AIX 4.3 System Administrator
> Sun-Maid Growers of California
> 7273 Murray Drive, Ste 18
> Stockton, CA 95210
> tbernhar at sunmaid dot com
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users