Bug #15222

closed

HTTP_Inspect Preprocessor Engine: wrong legend on parameters

Added by Ronald Antony 3 months ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: 2.7.2
Affected Plus Version:
Affected Architecture:

Description

Server Flow Depth has the following legend:

Amount of HTTP server response payload to inspect. Minimum is -1 and maximum is 65535. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 1460.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (1460)*.

The recommended setting, if truly the max. is recommended, should read 65535 not 1460.

Similarly, but opposite:

Client Flow Depth has the following legend:

Amount of raw HTTP client request payload to inspect. Minimum is -1 and maximum is 1460. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 65535.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (65535)*.

The recommended setting exceeds the maximum of 1460, and thus, if truly the max. is recommended, should read 1460 not 65535.

Actions #1

Updated by Bill Meeks 2 months ago

The fix for this bug has been posted as part of this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1347.

When the pull request is merged, this Issue may be marked RESOLVED.

Actions #2

Updated by Jim Pingle 2 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

PR merged, thanks!
