Project

General

Profile

Feature #6785

Allow setting of suricata's meta-field-limt libhtp parameter

Added by Orion Poplawski almost 3 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
09/13/2016
Due date:
% Done:

0%

Estimated time:

Description

      #   meta-field-limit:       Hard size limit for request and response size
      #                           limits. Applies to request line and headers,
      #                           response line and headers. Does not apply to
      #                           request or response bodies. Default is 18k.
      #                           If this limit is reached an event is raised.

The default setting was triggering "SURICATA HTTP request field too long" alerts (apparently changed to "SURICATA HTTP request buffer too long" in suricata 3.1.2). I was able to change this manually by editing /usr/local/pkg/suricata/suricata_yaml_template.inc and adding it directly:

# Configure libhtp.
libhtp:
   default-config:
     {$http_hosts_default_policy}
     meta-field-limit: 30000

Also available in: Atom PDF