diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e41d3517c..efd79b58c 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -56,6 +56,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
+$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} = 'off';
$snortsettings{'ENABLE_GUARDIAN'} = 'off';
$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
@@ -108,9 +109,20 @@ if (-e "/etc/snort/snort.conf") {
# Loop over each line
foreach my $line (@snortconfig) {
- # Trim the line
+ # Trim the line
chomp $line;
+ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) {
+ # Check for preprocessor settings
+ if ($line =~ /preprocessor http_inspect:/) {
+ # Strip out leading # from rule line
+ $line =~ s/\# ?//i;
+ if (($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'off')) {
+ $line = "# $line";
+ }
+ }
+ }
+
# Check for a line with .rules
if ($line =~ /\.rules$/) {
# Parse out rule file name
@@ -226,6 +238,7 @@ if (-e "/etc/snort/snort.conf") {
if (!exists $snortsettings{"SNORT_RULE_$rule"}) {
$line = "# $line";
}
+
}
# Check for rule state
@@ -301,6 +314,12 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
} else {
unlink "${General::swroot}/snort/enable_orange";
}
+ if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
+ {
+ system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
+ } else {
+ unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
+ }
if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
{
system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
@@ -308,7 +327,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
unlink "${General::swroot}/guardian/enable";
}
- system('/usr/local/bin/snortctrl restart >/dev/null');
+ system('/usr/local/bin/snortctrl restart >/dev/null');
} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
@@ -365,6 +384,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'off'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}} = "checked='checked'";
$checked{'ENABLE_GUARDIAN'}{'off'} = '';
$checked{'ENABLE_GUARDIAN'}{'on'} = '';
$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
@@ -433,6 +455,14 @@ print <
+
+
$Lang::tr{'ids preprocessor'}
+
+
+
http_inspect
+
+
+
$Lang::tr{'ids rules update'}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b47f5ba91..132137ea1 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -852,6 +852,7 @@
'ids rules license2' => 'Bestätigen Sie die Lizenz, empfangen Sie Ihr Passwort per email und gehen Sie auf die Website. Gehen Sie zu',
'ids rules license3' => 'klicken Sie den \'Get Code\' Knopf am Fuß und kopieren den 40-Zeichen Oink Code in das untere Feld.',
'ids rules update' => 'Snort Regeln Update',
+'ids preprocessor' => 'Snort Präprozessor',
'iface' => 'Iface',
'ignore filter' => '"Ignorieren"-Filter',
'ike encryption' => 'IKE Verschlüsselung:',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index fd0579358..174e26aae 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -881,6 +881,7 @@
'ids rules license2' => 'Acknowledge the license, receive your password by email, and connect to the site. Go to',
'ids rules license3' => 'press the \'Get Code\' button at the bottom and copy the 40 character Oink Code into the field below.',
'ids rules update' => 'Snort rules update',
+'ids preprocessor' => 'Snort preprocessor',
'iface' => 'Iface',
'ignore filter' => 'Ignore filter',
'ike encryption' => 'IKE Encryption:',