From: Mike Stepanek (mstepane) Date: Wed, 17 Feb 2021 12:33:30 +0000 (+0000) Subject: Merge pull request #2745 in SNORT/snort3 from ~MDAGON/snort3:doc_remove_detained... X-Git-Tag: 3.1.2.0~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=561ecbdd5111cc65c41b15c20a555bb6eca1cb5b;p=thirdparty%2Fsnort3.git Merge pull request #2745 in SNORT/snort3 from ~MDAGON/snort3:doc_remove_detained to master Squashed commit of the following: commit 18a1323b4462d37298071fa023a070b3d2786a7b Author: mdagon Date: Fri Feb 12 17:02:33 2021 -0500 doc: remove http detained inspection from user manual --- diff --git a/doc/user/http_inspect.txt b/doc/user/http_inspect.txt index 9733c2d74..f0c706864 100755 --- a/doc/user/http_inspect.txt +++ b/doc/user/http_inspect.txt @@ -99,19 +99,10 @@ depth parameter entirely because that is the default. These limits have no effect on how much data is forwarded to file processing. -===== detained_inspection - -Detained inspection is an experimental feature currently under development. -It enables Snort to more quickly detect and block response messages -containing malicious JavaScript. As this feature involves actively blocking -traffic it is designed for use with inline mode operation (-Q). - -This feature is off by default. detained_inspection = true will activate -it. - ===== script_detection -Script detection is an alternative to detained inspection. When +Script detection is a feature that enables Snort to more quickly detect and +block response messages containing malicious JavaScript. When http_inspect detects the end of a script it immediately forwards the available part of the message body for early detection. This enables malicious Javascripts to be detected more quickly but consumes somewhat
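Review bot: In the rewritten opening of the script_detection section, the new sentence takes over "detect and block response messages containing malicious JavaScript" from the removed detained_inspection text but drops the caveat that went with it: "As this feature involves actively blocking traffic it is designed for use with inline mode operation (-Q)." If blocking under script_detection also depends on inline operation, keep a sentence saying so. Otherwise a reader may expect blocking in a passive deployment. The new sentence also overlaps with the unchanged context line that follows ("This enables malicious Javascripts to be detected more quickly"), so the paragraph now states the speed benefit twice and mixes "JavaScript" with "Javascripts". Consider merging the two sentences and settling on one spelling. Finally, the removed section documented the default ("off by default. detained_inspection = true will activate it"). The visible part of the script_detection paragraph does not state a default, so it is worth checking that the rest of the section does.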