From 45b5d5d6adebd32322c64c0983022023c241e42c Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 31 Oct 2011 20:54:26 +0000 Subject: Add settings to allow inspecting gzipped http flows. --- config/snort/snort.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 2973a409..ed4bc15f 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1971,7 +1971,7 @@ EOD; # ################# -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 +preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 preprocessor http_inspect_server: server default \ ports { 80 8080 } \ @@ -1982,6 +1982,9 @@ preprocessor http_inspect_server: server default \ directory no \ iis_backslash no \ u_encode yes \ + inspect_gzip \ + normalize_utf \ + unlimited_decompress \ ascii no \ chunk_length 500000 \ bare_byte yes \ -- cgit v1.2.3
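Review bot: The global `http_inspect` line in the first hunk raises `compress_depth` and `decompress_depth` to 65535 but does not set `max_gzip_mem`, so the memory budget for decompression stays at whatever the Snort default is. The Snort manual sizes the number of sessions that can be decompressed at once as max_gzip_mem / (compress_depth + decompress_depth), so with both depths at the maximum the default budget likely covers only a handful of concurrent sessions, and gzipped responses beyond that would go uninspected; confirm the default for the Snort version this package ships. I would set the budget explicitly on the same line by appending `max_gzip_mem <bytes sized for the expected concurrent sessions>`. A `#` comment above the line recording how the value was chosen would help the next person who tunes it.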
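Review bot: `inspect_gzip` and `normalize_utf` in the second hunk are documented as needing `extended_response_inspection` in the same server block, and that option is not visible among the lines shown here. The `http_inspect_server` block starts before and continues past this hunk, so it may already be set elsewhere; if it is not, add `extended_response_inspection \` ahead of `inspect_gzip \`, since without it the response bodies are presumably never decompressed and the new options give a false sense of coverage. The three options are also written into the generated config unconditionally, so a Snort build without zlib support, or one that predates `unlimited_decompress`, may refuse to load it. Gating them on a package setting would match the commit subject ("Add settings to allow…") and let operators of busy sensors turn off `unlimited_decompress`, which raises per-flow work.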