Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort - not working with HTTPs urls/IPs

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 271 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sandeep335577
      last edited by sandeep335577

      I am using snort with my pfsense. I have added two IPs(By doing ping command for two different sites) in my IP lists file section and then marked the file as a blacklist file inside wan/lan. When i try to open non-https urls it gets blocked but the url with https doesnt get block.

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @sandeep335577
        last edited by bmeeks

        @sandeep335577 said in Snort - not working with HTTPs urls/IPs:

        I am using snort with my pfsense. I have added two IPs(By doing ping command for two different sites) in my IP lists file section and then marked the file as a blacklist file inside wan/lan. When i try to open non-https urls it gets blocked but the url with https doesnt get block.

        My first suspicion is that the two URLs are actually resolving to different IP addresses (but that would definitely be weird if they are supposedly the same site). Snort does not care about the protocol at all when using an IP blacklist. It only goes by the IP address.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.