[Snort-users] disable http_inspect for external www servers

Jason security at ...5028...
Mon Sep 27 17:56:58 EDT 2004


I do not think there is a way within http_inspect to do what you want. 
You should consider using suppression to suppress all of the 
http_inspect alerts for that that destination address.

http://www.snort.org/docs/snort_manual/node12.html

Tim Bernhardson wrote:
> Running Snort 2.2.0, have http_inspect enableed but 98+% of alerts are
> for Traffic between Squid and External WWW Servers.
> Is there any way to telll http_inspect to only inspect servers on a
> specific subnet (I.E. 192.168.0.0/255.255.0.0)? or to ignore all traffic
> from a specific IP Address?
> 
> I have read through the doucmentation and browsed the web and have not
> had any luck finding an answer.
> 
> Thanks
> 
> Tim Bernhardson
> Senior Technical Engineer
> Certified Citrix Metaframe Administrator
> Certified CyberGuard Administrator
> Certified AIX 4.3 System Administrator
> Sun-Maid Growers of California
> 7273 Murray Drive, Ste 18
> Stockton, CA 95210
> 
> tbernhar at sunmaid dot com
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 





More information about the Snort-users mailing list