Snort - how to supress a blocking rule
-
Hi,
(I know it's a bit particular to the snort module but I like this forum better :-) and as snort it is embedded in pfsense, it would be easier to figure out)
so : once in a while, nobody can access my ftp or web server (through pfsense port forwarding)
I noticed that once I cleared the snort blocked ip list, it works again
the culprit alert is "NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE"
so I was wondering how to disable just that rule (that leads to that above alert)
do I just add it to the suppress list ?
thanks
-
stupid of me, I just found the little red cross to supress the rule :-)
-
So you're getting flag using FTP over HTTP through a web browser?