Add settings to allow inspecting gzipped http flows.

author: Ermal <eri@pfsense.org> 2011-10-31 20:54:26 +0000
committer: Ermal <eri@pfsense.org> 2011-10-31 20:54:26 +0000
commit: 45b5d5d6adebd32322c64c0983022023c241e42c (patch)
tree: 70172552fab88fcc4c686aa393b331560d594968 /config/snort
parent: f6eede1343ccddb6d6f504acb574e4ea05821116 (diff)
download: pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.tar.gz
pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.tar.bz2
pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 2973a409..ed4bc15f 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1971,7 +1971,7 @@ EOD;
                 #
 #################
 
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
 
 preprocessor http_inspect_server: server default \
                         ports  { 80 8080 }  \
@@ -1982,6 +1982,9 @@ preprocessor http_inspect_server: server default \
                         directory no \
                         iis_backslash no \
                         u_encode yes \
+			inspect_gzip \
+			normalize_utf \
+			unlimited_decompress \
                         ascii no \
                         chunk_length 500000 \
                         bare_byte yes \
author	Ermal <eri@pfsense.org>	2011-10-31 20:54:26 +0000
committer	Ermal <eri@pfsense.org>	2011-10-31 20:54:26 +0000
commit	45b5d5d6adebd32322c64c0983022023c241e42c (patch)
tree	70172552fab88fcc4c686aa393b331560d594968 /config/snort
parent	f6eede1343ccddb6d6f504acb574e4ea05821116 (diff)
download	pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.tar.gz pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.tar.bz2 pfsense-packages-45b5d5d6adebd32322c64c0983022023c241e42c.zip