Snort - how to supress a blocking rule



  • Hi,

    (I know it's a bit particular to the snort module but I like this forum better :-) and as snort it is embedded in pfsense, it would be easier to figure out)

    so : once in a while, nobody can access my ftp or web server (through pfsense port forwarding)

    I noticed that once I cleared the snort blocked ip list, it works again

    the culprit alert is "NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE"

    so I was wondering how to disable just that rule (that leads to that above alert)

    do I just add it to the suppress list ?

    thanks



  • stupid of me, I just found the little red cross to supress the rule :-)



  • So you're getting flag using FTP over HTTP through a web browser?


Log in to reply