[Oisf-users] suricata not drop http traffic
Victor Julien
lists at inliniac.net
Sun Oct 14 10:00:57 UTC 2012
On 10/14/2012 11:45 AM, Heřbolt, Lukáš wrote:
> Thank you, that was the problem.
> It's working now.
Great. We're changing that to "auto", where in IPS mode it's enabled, in
IDS mode disabled.
Cheers,
Victor
>
> On 12 October 2012 23:08, Victor Julien <lists at inliniac.net
> <mailto:lists at inliniac.net>> wrote:
>
> On 10/12/2012 10:51 PM, Heřbolt, Lukáš wrote:
> > Hello,
> > I have Suricata 1.3.2 installed on my CentOS 6.3.
> > Suricata is running IPS/inline mode with nfqueue.
> > If I create a rule with the drop option, Suricata just logs
> > it into fast.log and drop.log, but no packet is dropped,
> > and HTTP traffic works normally.
>
> Can you give an example of a rule?
>
> Also, did you enable "inline" in the stream section?
>
> stream:
>   memcap: 32mb
>   checksum_validation: yes # reject wrong csums
>   inline: yes
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> --
> Lukáš Heřbolt
> Linux Administrator
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
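
A pre-flight check for the misconfiguration resolved in this thread, as an added example (not code from the thread or from the Suricata project): it reads the `stream` section of a suricata.yaml and warns when the engine runs in IPS mode while `stream.inline` is off, treating `auto` the way the reply above describes. The sample configs and all function names are constructed for illustration, and a missing `inline` key is assumed to mean disabled.

```python
import re

# Constructed sample config, modelled on the stream section quoted in the thread.
BROKEN = """\
%YAML 1.1
---
stream:
  memcap: 32mb
  checksum_validation: yes   # reject wrong csums
  #inline: yes
  reassembly:
    memcap: 64mb
nfq:
  mode: accept
"""
FIXED = BROKEN.replace("#inline: yes", "inline: yes")
AUTO = BROKEN.replace("#inline: yes", "inline: auto")
TRUTHY = {"yes", "true", "on", "1"}

def stream_settings(text):
    """Return the scalar keys set directly under the top-level 'stream:' key."""
    settings, in_stream, indent = {}, False, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()           # strip comments
        if not line.strip() or line.startswith(("%", "---")):
            continue
        if not line[0].isspace():                       # new top-level key
            in_stream, indent = line.strip() == "stream:", None
            continue
        m = re.match(r"(\s+)([\w-]+):\s*(.*)$", line)
        if not (in_stream and m):
            continue
        indent = indent or len(m.group(1))              # depth of stream's direct children
        if len(m.group(1)) == indent and m.group(3):    # skip nested sections
            settings[m.group(2)] = m.group(3).strip("'\" ").lower()
    return settings

def stream_inline_active(text, ips_mode):
    """True if the stream engine operates inline for the given run mode."""
    # Assumption: a missing key means disabled, as the behaviour in the thread suggests.
    value = stream_settings(text).get("inline", "no")
    if value == "auto":                                 # "auto" as described in the reply
        return ips_mode
    return value in TRUTHY

def check(text, ips_mode):
    if ips_mode and not stream_inline_active(text, ips_mode):
        return "WARN: IPS mode with stream.inline off; drop rules may only log"
    return "OK"
```

Calling `check(open("/etc/suricata/suricata.yaml").read(), ips_mode=True)` before starting Suricata with nfqueue catches the state the original poster was in; the path is an assumption and depends on the install.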