Bug #15222
closedHTTP_Inspect Preprocessor Engine: wrong legend on parameters
100%
Description
Server Flow Depth has the following legend:
Amount of HTTP server response payload to inspect. Minimum is -1 and maximum is 65535. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 1460.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (1460)* .
The recommended setting, if truly the max. is recommended, should read 65535 not 1460.
Similarly, but opposite:
Client Flow Depth has the following legend:
Amount of raw HTTP client request payload to inspect. Minimum is -1 and maximum is 1460. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 65535.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (65535)* .
The recommended setting exceeds the maximum of 1460, and thus, if truly the max. is recommended, should read 1460 not 65535