[Snort-users] how to write rule to match content in http responce gzip encoding?
wkitty42 at ...14940...
Thu Dec 13 13:13:44 EST 2012
On 12/13/2012 12:57, Mitesh Jadia wrote:
> I am writing one rule like
> http response is in gzip encoding and I have enabled ZLIB while configuring
> snort. Also http_inspect preprocessor configuration is set to
> extended_response_inspection. But this rule is not getting matched.
> Please show me proper way.
post the rule that you have as it is... you may be close or you may be a world
away... we cannot tell without seeing the rule...
there are several ways to do things and one answer is not always /the/ only
More information about the Snort-users