Snort blocked pfSense Forum



  • Hi,

    This is an odd one. Snort blocked pfSense forum by:

    Potentially Bad Traffic 192.168.1.100 5600 208.123.73.18  443  140:3    (spp_sip) URI is too long



  • @pfcode:

    Hi,

    This is an odd one. Snort blocked pfSense forum by:

    Potentially Bad Traffic 192.168.1.100 5600 208.123.73.18  443  140:3    (spp_sip) URI is too long

    Hmm I got this too. Not sure what to make of it.



  • I also have pfsense blocking some forums.



  • That's happening because of a SIP rule (spp_sip)… and yeah, a web address URL for many sites would certainly be too long for SIP. The better question would be why a SIP rule is being triggered for a web connection.


Log in to reply