Bug #15222
closedHTTP_Inspect Preprocessor Engine: wrong legend on parameters
100%
Description
Server Flow Depth has the following legend:
Amount of HTTP server response payload to inspect. Minimum is -1 and maximum is 65535. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 1460.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (1460)* .
The recommended setting, if truly the max. is recommended, should read 65535 not 1460.
Similarly, but opposite:
Client Flow Depth has the following legend:
Amount of raw HTTP client request payload to inspect. Minimum is -1 and maximum is 1460. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 65535.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (65535)* .
The recommended setting exceeds the maximum of 1460, and thus, if truly the max. is recommended, should read 1460 not 65535
Updated by Bill Meeks 8 months ago
This fix for this bug has been posted as part of this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1347.
When the pull request is merged, this Issue may be marked RESOLVED.
Updated by Jim Pingle 8 months ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
PR merged, thanks!