4. HTTP inspect false alerts

HTTP inspect false alerts

  • D

    Hi

    I'm pretty new to Snort. It works well however I'm getting a lot of blocked IPs in relation to the following message :-

    (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE

    … or similar HTTP_INSPECT messages. I know these are false and/or harmless messages as it will kill the majority of my Internet access when Snort decides to block. One of the main issues is that it is blocking one of my ISPs routers.

    I'm finding it tricky to interpret the blocking reason and then finding the rule to disable it. I thought maybe each entry may have an option to disable to rule or to allow the blocked IP from now onwards?

    I've had to disable blocking now as the missus is getting annoyed with Snort :)

    Cheers,

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy