To get the server sensor to run the HTTP_* signature set over the decrypted SSL traffic on an apache server, does the pam.tcpport.HTTP parameter have to include port 443 as well as 80?
pam.tcpport.HTTP[1] = 80 pam.tcpport.HTTP[2] = 443 or does the sensor run the HTTP_* sigs over a decoded port 443 packet anyway as it has only the payload now and the tcp/ip headers have been stripped away? by ISS magik? I'm trying to get ../../../etc/passwd to fire over SSL but it's not right now. Can anyone shed some light on this please? cheers, Nick. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
