Snort fails to start, error must enable 'extended_response_inspection'
-
Hi all,
Snort has been refusing to start for me today, the relevant line from the log is this:
snort[52143]: FATAL ERROR: /usr/local/etc/snort/snort_59221_fxp0/snort.conf(171) => Enable 'extended_response_inspection' inspection before setting 'inspect_gzip'
Here is the HTTP section from /usr/local/etc/snort/snort.conf
HTTP normalization and anomaly detection. For more information, see README.http_inspect
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
preprocessor http_inspect_server: server default
chunk_length 500000
server_flow_depth 0
client_flow_depth 0
post_depth 65495
oversize_dir_length 500
max_header_length 750
max_headers 100
ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 }
non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 }
enable_cookie
extended_response_inspection
inspect_gzip
normalize_utf
unlimited_decompress
apache_whitespace no
ascii no
bare_byte no
directory no
double_decode no
iis_backslash no
iis_delimiter no
iis_unicode no
multi_slash no
utf_8 no
u_encode yes
webroot noSo it appears it is listed, beyond that I don't know what to look for, I'm hoping someone can help me. Thanks in advance.
pfSense info:
2.0 Release AMD64
Snort 2.9.0.5 pkg v. 2.0SNORT.ORG >>> "d94dd7f6ecc5d2c4fb215ce35b717921"
EMERGINGTHREATS.NET >>> f05ecb736d02e8e415a2db4e93377df9
PFSENSE.ORG >>> "e8a95fd5f1b40e878fedeffd585134bb" -
This issue as fixed yesterday by ermal, reinstall package.
http://forum.pfsense.org/index.php/topic,37557.msg220087.html#msg220087
-
Thank you for that, it's working now.