[Snort-users] http_inspect

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Nov 10 13:32:40 EST 2009


I'm looking at tuning the http_inspect pre-processor, specifically some of the false positives I get from this.

My question is, if you set some of these options:

u_encode no
bare_byte no
iis_unicode no
double_decode no

Will that affect the ability for snort to process some of the http specific rules in the ruleset?  Does it affect the normalization of http traffic, or just turn off these specific alerts?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091110/0d80628c/attachment.html>

More information about the Snort-users mailing list