Snort White/Suppresion lists

  • Hello everyone just wondering if it is safe to set HTTP server flow depth at -1 to disable analysis of https browsing or if anyone knows where a good place would be to download white/suppresion lists that would allow browsing with each and every second page not getting blocked.

    Also with HTTP server flow depth at -1 and blocking of src/dst ips traffic that generate snort alerts on other ports does this block all data to/from that src/dst ip including http requests for webpages from hosts behind my pfsense box as long as firewall rules are enabled?

Log in to reply