Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort blocked pfSense Forum

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 4 Posters 3.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfcode
      last edited by

      Hi,

      This is an odd one. Snort blocked pfSense forum by:

      Potentially Bad Traffic 192.168.1.100 5600 208.123.73.18  443  140:3    (spp_sip) URI is too long

      Release: pfSense 2.4.3(amd64)
      M/B: Supermicro A1SRi-2558F
      HDD: Intel X25-M 160G
      RAM: 2x8Gb Kingston ECC ValueRAM
      AP: Netgear R7000 (XWRT), Unifi AC Pro

      1 Reply Last reply Reply Quote 0
      • T
        THS
        last edited by

        @pfcode:

        Hi,

        This is an odd one. Snort blocked pfSense forum by:

        Potentially Bad Traffic 192.168.1.100 5600 208.123.73.18  443  140:3    (spp_sip) URI is too long

        Hmm I got this too. Not sure what to make of it.

        1 Reply Last reply Reply Quote 0
        • D
          dgall
          last edited by

          I also have pfsense blocking some forums.

          1 Reply Last reply Reply Quote 0
          • MikeV7896M
            MikeV7896
            last edited by

            That's happening because of a SIP rule (spp_sip)… and yeah, a web address URL for many sites would certainly be too long for SIP. The better question would be why a SIP rule is being triggered for a web connection.

            The S in IOT stands for Security

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.