HTTP inspector configuration
The HTTP inspectors are enabled via the configuration file as follows:
http_inspect = { }
http2_inspect = { }
These entries enable the corresponding inspectors with their default configuration settings. Any deviation from the defaults is made by setting the specific configuration parameters. Each inspector has its own set of configurable parameters.
The configuration options for each module can be listed using the help
command available with Snort. For example, the command for http_inspect
would be as follows:
snort3 --help-module http_inspect
Let us briefly discuss a few of the configuration options available for http_inspect:
- Limits on request and response depth: Requests and responses can be very large. To limit inspection for performance reasons, there are two configuration settings, as follows:
int http_inspect.request_depth = -1: max request message body bytes to examine int...