Snort - not working with HTTPs urls/IPs
-
I am using snort with my pfsense. I have added two IPs(By doing ping command for two different sites) in my IP lists file section and then marked the file as a blacklist file inside wan/lan. When i try to open non-https urls it gets blocked but the url with https doesnt get block.
-
@sandeep335577 said in Snort - not working with HTTPs urls/IPs:
I am using snort with my pfsense. I have added two IPs(By doing ping command for two different sites) in my IP lists file section and then marked the file as a blacklist file inside wan/lan. When i try to open non-https urls it gets blocked but the url with https doesnt get block.
My first suspicion is that the two URLs are actually resolving to different IP addresses (but that would definitely be weird if they are supposedly the same site). Snort does not care about the protocol at all when using an IP blacklist. It only goes by the IP address.