[Snort-users] how to write rule to match content in http responce gzip encoding?

Mitesh Jadia mitesh.jadia at ...11827...
Thu Dec 13 12:57:44 EST 2012


I am writing one rule like

http response is in gzip encoding and I have enabled ZLIB while configuring
snort. Also http_inspect preprocessor configuration is set to
extended_response_inspection. But this rule is not getting matched.

Please show me proper way.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121213/74c6cf17/attachment.html>

More information about the Snort-users mailing list