From: Mike Stepanek (mstepane) Date: Tue, 3 Dec 2019 16:40:53 +0000 (+0000) Subject: Merge pull request #1872 in SNORT/snort3 from ~THOPETER/snort3:doc_detained_inspectio... X-Git-Tag: 3.0.0-266~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8791c0c30d11a909f30f5b9696ec5bc1efd0ab80;p=thirdparty%2Fsnort3.git Merge pull request #1872 in SNORT/snort3 from ~THOPETER/snort3:doc_detained_inspection to master Squashed commit of the following: commit d8229b442b674dd56ad47a1f9d7135ea08a70786 Author: Tom Peters Date: Tue Dec 3 11:34:16 2019 -0500 http_inspect: update user manual for detained inspection --- diff --git a/doc/http_inspect.txt b/doc/http_inspect.txt index 740934f8f..bad2c291a 100644 --- a/doc/http_inspect.txt +++ b/doc/http_inspect.txt @@ -99,18 +99,17 @@ depth parameter entirely because that is the default. These limits have no effect on how much data is forwarded to file processing. -===== accelerated_blocking +===== detained_inspection -Accelerated blocking is an experimental feature currently under -development. It enables Snort to more quickly detect and block response -messages containing malicious JavaScript. As this feature involves -actively blocking traffic it is designed for use with inline mode -operation (-Q). +Detained inspection is an experimental feature currently under development. +It enables Snort to more quickly detect and block response messages +containing malicious JavaScript. As this feature involves actively blocking +traffic it is designed for use with inline mode operation (-Q). This feature only functions with response_depth = -1 (unlimited). This limitation will be removed in a future version. -This feature is off by default. accelerated_blocking = true will activate +This feature is off by default. detained_inspection = true will activate it. ===== gzip