[Snort-users] Snort 2.8.6-beta and gzip encoding

luismanuel.carril at ...14693... luismanuel.carril at ...14693...
Thu Jan 14 07:52:16 EST 2010

   I have been trying to use the new gzip feature to detect words in  
the HTTP body response, but I am unable to detect anything.

   I have compiled Snort with --enable-zlib and at the conf file I  
have configured the http_inspect_server  in this way:

preporcessor http_inspect_server: server default \
   profile all ports {80 8080 8180} oversize_dir_length 500  
server_flow_depth 1460 extended_response_inspection inspect_gzip  
compress_depth 1460 decompress_depth 20480

   Has someone had success with this?

Thanks in advance

Luis M.

More information about the Snort-users mailing list