Bug #15222
closed
HTTP_Inspect Preprocessor Engine: wrong legend on parameters
100%
Description
Server Flow Depth has the following legend:
Amount of HTTP server response payload to inspect. Minimum is -1 and maximum is 65535. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 1460.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (1460)* .
The recommended setting, if truly the max. is recommended, should read 65535 not 1460.
Similarly, but opposite:
Client Flow Depth has the following legend:
Amount of raw HTTP client request payload to inspect. Minimum is -1 and maximum is 1460. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 65535.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (65535)* .
The recommended setting exceeds the maximum of 1460, and thus, if truly the max. is recommended, should read 1460 not 65535
Updated by Bill Meeks 11 months ago
This fix for this bug has been posted as part of this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1347.
When the pull request is merged, this Issue may be marked RESOLVED.
Updated by Jim Pingle 11 months ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
PR merged, thanks!