Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort Rules for web server

    Scheduled Pinned Locked Moved IDS/IPS
    1 Posts 1 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nasexp
      last edited by

      Hi All,

      Happy New Year to all of you  :) I have just built a cluster of web server behind pfsense a few days ago. As the snort log and alerts, I recognized that it seems to be wrong with some default rules of category "preprocessor.rules" as below:

      • 119 4 not-suspicious none HI_CLIENT_BARE_BYTE
      • 120 3 unknown none HI_SERVER_NO_CONTLEN
      • 120 8 unknown none HI_CLISRV_MSG_SIZE_EXCEPTION
      • 137 1 bad-unknown none SSL_INVALID_CLIENT_HELLO
        I'm not sure if I'm correct or not. So I create this topic to ask for your help and experience: which rules are wrong? Do you have any collection of WAN rules for web server, FTP server, etc…

      Thanks and Best Regards.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.