Merge pull request #2745 in SNORT/snort3 from ~MDAGON/snort3:doc_remove_detained...

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)
diff --git a/doc/user/http_inspect.txt b/doc/user/http_inspect.txt

index 9733c2d745ef83ea92522fd9d4451037af0a855f..f0c70686456b756f68db22027d8d8d1c5bf3eddf 100755 (executable)
--- a/doc/user/http_inspect.txt
+++ b/doc/user/http_inspect.txt
@@ -99,19 +99,10 @@ depth parameter entirely because that is the default.
  These limits have no effect on how much data is forwarded to file
  processing.
  
-===== detained_inspection
-
-Detained inspection is an experimental feature currently under development.
-It enables Snort to more quickly detect and block response messages
-containing malicious JavaScript. As this feature involves actively blocking
-traffic it is designed for use with inline mode operation (-Q).
-
-This feature is off by default. detained_inspection = true will activate
-it.
-
  ===== script_detection
  
-Script detection is an alternative to detained inspection. When
+Script detection is a feature that enables Snort to more quickly detect and
+block response messages containing malicious JavaScript. When
  http_inspect detects the end of a script it immediately forwards the
  available part of the message body for early detection. This enables
  malicious Javascripts to be detected more quickly but consumes somewhat
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Wed, 17 Feb 2021 12:33:30 +0000 (12:33 +0000)