[Snort-users] http_inspects post_depth

Eoin Miller eoin.miller at ...14586...
Fri Jun 3 13:43:29 EDT 2011

Kind of wondering about this from the manual:

11. post_depth <integer>
This specifies the amount of data to inspect in a client post message. 
The value can be set from -1 to 65495. The default value is -1. A value 
of -1 causes Snort to ignore all the data in the post message. 
Inversely, a value of 0 causes Snort to inspect all the client post 
message. This increases the performance by inspecting only specified 
bytes in the post message.

I'm trying to wrap my head around the wording of this. Does this 
effectively mean 0 = 65495? Or does setting the value to 0 cause 
inspection of all of it beyond the 65495 buffer range?

-- Eoin

More information about the Snort-users mailing list