This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web-* Rules

The rules that start with web-* are they useless to turn on if you do not run a webserver? I get alot of false positives with this. Mainly a few CGI's and a few PHP's, like viewtopic.php, viewforum.php and privmsg.php with CGI I get

WEB-CGI calendar access - ID 882
WEB-CGI redirect access - ID 895

which I'll be visiting a webpage that has the latest phpbb and get an alert and it drops my packets.

This thread was automatically locked due to age.

Parents

0 jjohnston62 over 19 years ago

Part of "tuning" the IDS is to turn off the rules that don't apply to your organization. So, if you don't have internal web servers, or mySQL server, Oracle, etc, I don't know why you'd be running the rules. Turn them off.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 19 years ago in reply to jjohnston62

That, and make sure you have your Internal network(s) set in the IPS settings... HOME_NET is important for rules to work properly.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 19 years ago in reply to jjohnston62

That, and make sure you have your Internal network(s) set in the IPS settings... HOME_NET is important for rules to work properly.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data