From: | "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
---|---|
To: | <Robert_Creager(at)LogicalChaos(dot)org> |
Cc: | pgbuildfarm-members(at)pgfoundry(dot)org |
Subject: | Re: [Pgbuildfarm-members] Build farm triggering Snort alerts... |
Date: | 2005-12-28 12:55:16 |
Message-ID: | 3587.24.211.165.134.1135774516.squirrel@www.dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | buildfarm-members |
Robert Creager said:
>
> Just something interesting I noticed. The scripts are triggering Snort
> alerts (BARE BYTE UNICODE ENCODING and OVERSIZE REQUEST-URI DIRECTORY),
> on the outbound session when sending results.
>
Then snort is being absurdly paranoid, and needs to chill. ;-)
The supposed "directory" doesn't exist, of course. What it probably thinks
is a directory name is in fact the request signature which we append to the
URL and the script extracts via PATHINFO. e.g.:
127.0.0.1 - - [28/Dec/2005:02:37:50 -0800] "POST
/cgi-bin/pgstatus.pl/aaac141e46ea17aee8cf3012adc174fcac273e62 HTTP/1.1"
200 59
as for the unicode - I have no idea what it's talking about - perl's LWP
should be encoding anything that requires it properly.
If someone can work out snort settings to silence these alerts then please
let us all know - I don't use snort so I have no idea.
cheers
andrew
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2005-12-29 18:31:49 | [Pgbuildfarm-members] release 2.12 of client code |
Previous Message | Robert Creager | 2005-12-28 05:05:53 | [Pgbuildfarm-members] Build farm triggering Snort alerts... |