Snort suppress list not working?
-
Hello,
I have problems with some rules that are false positives, like:
(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
(http_inspect) BARE BYTE UNICODE ENCODING
(http_inspect) UNKNOWN METHOD
Added suppress gen_id 119, sig_id 4 for BARE BYTE UNICODE ENCODING but with no effect (restarted Snort after adding the suppress rule).
Tried to disable the rule from WAN Rules > preprocessor.rules; in the Snort alerts the disabled rules appear with a yellow X, but Snort will block on this alert even if it is disabled.
Is there a way to disable all the Snort rules? I only want to use my custom rules. Thanks.
-
The following thread has some more info to help you:
https://forum.pfsense.org/index.php?topic=87374.msg479725#msg479725
-
Already did that; that is where I got the suppress list from. The problem is that the suppress list is not working.
-
Solved, I was missing the "Choose a suppression or filtering file if desired" option. My bad, sorry :)
-
And after choosing that file and saving the change, remember to restart Snort on that interface.
Bill
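
Added example, not part of any post in this thread: a small Python check for the failure mode resolved above, where a suppress list exists but the running configuration never loads it. It assumes the selected list reaches Snort as an `include` line in the interface's snort.conf; the file path, the configuration text and the alert lines are constructed, and the function names are hypothetical.

```python
import re

SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*(,.*)?$")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):\d+\]\s*(.*?)\s*\[\*\*\]")

def active_suppressions(conf_text, files):
    """Return (gid, sid) pairs suppressed unconditionally by this config.

    Only suppress lines in conf_text itself, or in a file it includes,
    count. A list that exists on disk but is never included has no effect.
    `files` maps path -> content so the check runs offline.
    """
    texts = [conf_text]
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m and m.group(1) in files:
            texts.append(files[m.group(1)])
    pairs = set()
    for text in texts:
        for line in text.splitlines():
            m = SUPPRESS_RE.match(line.split("#", 1)[0])
            if m and not m.group(3):  # skip entries limited by track/ip
                pairs.add((int(m.group(1)), int(m.group(2))))
    return pairs

def unsuppressed(alert_lines, conf_text, files):
    """Return (gid, sid, message) for alerts the config does not suppress."""
    active = active_suppressions(conf_text, files)
    out = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if m and (int(m.group(1)), int(m.group(2))) not in active:
            out.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return out

# Constructed sample data (path, config text and alerts are not from the thread).
SUPPRESS_PATH = "/tmp/example/suppress/wan_suppress"
FILES = {SUPPRESS_PATH: "# constructed list\nsuppress gen_id 119, sig_id 4\n"}
CONF_WITHOUT = "# constructed snort.conf, no suppress file selected\n"
CONF_WITH = CONF_WITHOUT + "include " + SUPPRESS_PATH + "\n"
ALERTS = [
    "[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] {TCP} 192.0.2.10:51000 -> 198.51.100.5:80",
    "[**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] {TCP} 192.0.2.10:51002 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    print("list not selected:", unsuppressed(ALERTS, CONF_WITHOUT, FILES))
    print("list selected:    ", unsuppressed(ALERTS, CONF_WITH, FILES))
```

With the list not included, both alerts are reported as unsuppressed even though the 119:4 entry exists in the file; once the `include` line is present, only the alert without an entry remains.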