Project

General

Profile

Actions
Copy link

Feature #6785

closed

Allow setting of suricata's meta-field-limt libhtp parameter

Added by Orion Poplawski over 7 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
09/13/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

      #   meta-field-limit:       Hard size limit for request and response size
      #                           limits. Applies to request line and headers,
      #                           response line and headers. Does not apply to
      #                           request or response bodies. Default is 18k.
      #                           If this limit is reached an event is raised.

The default setting was triggering "SURICATA HTTP request field too long" alerts (apparently changed to "SURICATA HTTP request buffer too long" in suricata 3.1.2). I was able to change this manually by editing /usr/local/pkg/suricata/suricata_yaml_template.inc and adding it directly:

# Configure libhtp.
libhtp:
   default-config:
     {$http_hosts_default_policy}
     meta-field-limit: 30000
Actions
Copy link

Also available in: Atom PDF