Snort Rules for web server
Hi All,
Happy New Year to all of you :) I built a cluster of web servers behind pfSense a few days ago. From the Snort log and alerts, I noticed that something seems to be wrong with some default rules of the category "preprocessor.rules", as below:
- 119 4 not-suspicious none HI_CLIENT_BARE_BYTE
- 120 3 unknown none HI_SERVER_NO_CONTLEN
- 120 8 unknown none HI_CLISRV_MSG_SIZE_EXCEPTION
- 137 1 bad-unknown none SSL_INVALID_CLIENT_HELLO
I'm not sure if I'm correct or not, so I created this topic to ask for your help and experience: which rules are wrong? Do you have any collection of WAN rules for web servers, FTP servers, etc.?
Thanks and Best Regards.