Squid - Operation Not Permitted error

miles267 · Dec 30, 2011, 12:15 AM

I recently noticed that Snort was returning Operation Not Permitted errors for certain web sites embedded within other sites OR when attempting to go to other websites (www.dyson.com for example). Short of disabling any Snort category containing "web-client" within the title, is there a better way to address this issue? Seems like I'm disabling 100% of snort's web client protection when I may only need to disable a specific Snort rule within the category itself.

Has anyone figured out how to determine specifically which rule is the problem and how to disable only that one to address the issue?

marcelloc · Dec 30, 2011, 12:22 AM

It will be on snort logs, take a look on any http inspect forum topic to see how to do this.

One how to I know is this video tutorial.

https://www.youtube.com/watch?v=uQ7OrxtiAes

miles267 · Dec 30, 2011, 2:48 AM

Thank you. I've followed this great YouTube tutorial. Was very helpful. Isn't always easy to tell exactly which alert corresponds with which action but I usually clear all Snort alerts and attempt to reproduce the issue to see whether it then shows up in the logs.

Also, is it me or does it take a while after restarting Snort for it to load up and load all categories/rules?

marcelloc · Dec 30, 2011, 2:54 AM

Not sure. I do not change snort rules that often.