[Snort-users] http_inspects post_depth
eoin.miller at ...14586...
Fri Jun 3 13:43:29 EDT 2011
Kind of wondering about this from the 18.104.22.168 manual:
11. post_depth <integer>
This specifies the amount of data to inspect in a client post message.
The value can be set from -1 to 65495. The default value is -1. A value
of -1 causes Snort to ignore all the data in the post message.
Inversely, a value of 0 causes Snort to inspect all the client post
message. This increases the performance by inspecting only specified
bytes in the post message.
I'm trying to wrap my head around the wording of this. Does this
effectively mean 0 = 65495? Or does setting the value to 0 cause
inspection of all of it beyond the 65495 buffer range?
More information about the Snort-users