# check for htp_tx_get_response_headers_raw
AC_CHECK_LIB([htp], [htp_tx_get_response_headers_raw],AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Found htp_tx_get_response_headers_raw in libhtp]) ,,[-lhtp])
AC_CHECK_LIB([htp], [htp_decode_query_inplace],AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Found htp_decode_query_inplace function in libhtp]) ,,[-lhtp])
+ AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp])
AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) )
])
AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Assuming htp_config_register_request_uri_normalize function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Assuming htp_tx_get_response_headers_raw function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Assuming htp_decode_query_inplace function in bundled libhtp])
+ # enable when libhtp has been updated
+ AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp])
else
echo
echo " ERROR: Libhtp is not bundled. Get libhtp by doing:"
- echo " git clone https://github.com/ironbee/libhtp"
+ echo " git clone https://github.com/OISF/libhtp"
echo " Then re-run Suricata's autogen.sh and configure script."
echo " Or, if libhtp is installed in a different location,"
echo " pass --enable-non-bundled-htp to Suricata's configure script."
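Review bot: The added comment `# enable when libhtp has been updated` sits directly above an AC_DEFINE_UNQUOTED that is already active, so the bundled branch sets HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT without any check, unlike the AC_CHECK_LIB probe used for the non-bundled case. If the bundled libhtp tree predates the function, the `#ifdef` in the C code will presumably select the call and the build breaks rather than falling back to the warning. Either drop the comment once the bundled copy is known to carry the function, or keep the define commented out until then. The clone instruction in the same hunk names no tag or minimum version, so it would help to state the release this define assumes, e.g. `# requires libhtp >= <MIN_VERSION>`.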
exit(EXIT_FAILURE);
}
+ } else if (strcasecmp("response-body-decompress-layer-limit", p->name) == 0) {
+ uint32_t value = 2;
+ if (ParseSizeStringU32(p->val, &value) < 0) {
+ SCLogError(SC_ERR_SIZE_PARSE, "Error parsing response-body-inspect-window "
+ "from conf file - %s. Killing engine", p->val);
+ exit(EXIT_FAILURE);
+ }
+#ifdef HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT
+ htp_config_set_response_decompression_layer_limit(cfg_prec->cfg, value);
+#else
+ SCLogWarning(SC_WARN_OUTDATED_LIBHTP, "can't set response-body-decompress-layer-limit "
+ "to %u, libhtp version too old", value);
+#endif
} else if (strcasecmp("path-convert-backslash-separators", p->name) == 0) {
htp_config_set_backslash_convert_slashes(cfg_prec->cfg,
HTP_DECODER_URL_PATH,
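Review bot: The SCLogError text in the added branch names `response-body-inspect-window`, but the option being parsed is `response-body-decompress-layer-limit`, so a bad value points the operator at the wrong setting; the string should begin `"Error parsing response-body-decompress-layer-limit "`. The value is a layer count, yet it is read with ParseSizeStringU32, which as far as I know accepts size suffixes, so an entry such as `2kb` would be taken as a very large limit instead of being rejected. This limit is what bounds nested-compression work per response, so a plain integer parse or an upper-bound check before `htp_config_set_response_decompression_layer_limit()` would be safer. The enclosing function starts and ends outside the hunk.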
# by file_data, http_server_body & pcre /Q option.
# double-decode-path: Double decode path section of the URI
# double-decode-query: Double decode query section of the URI
+ # response-body-decompress-layer-limit:
+ # Limit to how many layers of compression will be
+ # decompressed. Defaults to 2.
#
# server-config: List of server configurations to use if address matches
# address: List of ip addresses or networks for this block
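Review bot: The added description does not say what a value of 0 means, and the sample setting further down is annotated only `(0 disables)`, without saying whether that turns off decompression or turns off the limit. The two readings have opposite consequences: with decompression off, the body-inspection keywords would not see decoded content, and with the limit off, nothing bounds nested-compression work. The comment should state which it is, e.g. `# 0 disables <decompression | the limit>`, with the choice confirmed against libhtp.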
response-body-minimal-inspect-size: 40kb
response-body-inspect-window: 16kb
+ # response body decompression (0 disables)
+ response-body-decompress-layer-limit: 2
+
# auto will use http-body-inline mode in IPS mode, yes or no set it statically
http-body-inline: auto