Project

General

Profile

Feature #6785

Allow setting of suricata's meta-field-limt libhtp parameter

Added by Orion Poplawski over 3 years ago. Updated 8 months ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
09/13/2016
Due date:
% Done:

0%

Estimated time:

Description

      #   meta-field-limit:       Hard size limit for request and response size
      #                           limits. Applies to request line and headers,
      #                           response line and headers. Does not apply to
      #                           request or response bodies. Default is 18k.
      #                           If this limit is reached an event is raised.

The default setting was triggering "SURICATA HTTP request field too long" alerts (apparently changed to "SURICATA HTTP request buffer too long" in suricata 3.1.2). I was able to change this manually by editing /usr/local/pkg/suricata/suricata_yaml_template.inc and adding it directly:

# Configure libhtp.
libhtp:
   default-config:
     {$http_hosts_default_policy}
     meta-field-limit: 30000

History

#1 Updated by Bill Meeks 8 months ago

This issue can be closed as RESOLVED. The requested change has been added to the Suricata GUI package in this pull request: https://github.com/pfsense/FreeBSD-ports/pull/677.

#2 Updated by Jim Pingle 8 months ago

  • Status changed from New to Resolved

Also available in: Atom PDF