[Snort-users] disable http_inspect for external www servers

Jason security at ...5028...
Mon Sep 27 17:56:58 EDT 2004

I do not think there is a way within http_inspect to do what you want. 
You should consider using suppression to suppress all of the 
http_inspect alerts for that that destination address.


Tim Bernhardson wrote:
> Running Snort 2.2.0, have http_inspect enableed but 98+% of alerts are
> for Traffic between Squid and External WWW Servers.
> Is there any way to telll http_inspect to only inspect servers on a
> specific subnet (I.E. or to ignore all traffic
> from a specific IP Address?
> I have read through the doucmentation and browsed the web and have not
> had any luck finding an answer.
> Thanks
> Tim Bernhardson
> Senior Technical Engineer
> Certified Citrix Metaframe Administrator
> Certified CyberGuard Administrator
> Certified AIX 4.3 System Administrator
> Sun-Maid Growers of California
> 7273 Murray Drive, Ste 18
> Stockton, CA 95210
> tbernhar at sunmaid dot com
> -------------------------------------------------------
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
> Project Admins to receive an Apple iPod Mini FREE for your judgement on
> who ports your project to Linux PPC the best. Sponsored by IBM.
> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list