From: Mike Stepanek (mstepane) Date: Mon, 16 Dec 2019 13:09:10 +0000 (+0000) Subject: Merge pull request #1880 in SNORT/snort3 from ~NIHDESAI/snort3:limit_detained_ins... X-Git-Tag: 3.0.0-267~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e681c9d6a35d5d11e213fe64d82003001aab848;p=thirdparty%2Fsnort3.git Merge pull request #1880 in SNORT/snort3 from ~NIHDESAI/snort3:limit_detained_ins to master Squashed commit of the following: commit de16cdefb4d6587f116b42a8b992154e059f387b Author: Nihal Desai Date: Thu Dec 5 03:51:54 2019 -0500 http_inspect: support limited response depth --- diff --git a/doc/http_inspect.txt b/doc/http_inspect.txt index bad2c291a..526cf1173 100644 --- a/doc/http_inspect.txt +++ b/doc/http_inspect.txt @@ -106,9 +106,6 @@ It enables Snort to more quickly detect and block response messages containing malicious JavaScript. As this feature involves actively blocking traffic it is designed for use with inline mode operation (-Q). -This feature only functions with response_depth = -1 (unlimited). This -limitation will be removed in a future version. - This feature is off by default. detained_inspection = true will activate it. diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index 5ff10d285..86799351f 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -303,8 +303,7 @@ void HttpMsgHeader::prepare_body() update_depth(); // Limitations on detained inspection will be lifted as the feature is built out session_data->detained_inspection[source_id] = params->detained_inspection && - (source_id == SRC_SERVER) && (session_data->compression[source_id] == CMP_NONE) && - (params->request_depth == -1); + (source_id == SRC_SERVER) && (session_data->compression[source_id] == CMP_NONE); if (source_id == SRC_CLIENT) { HttpModule::increment_peg_counts(PEG_REQUEST_BODY);
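Review bot: in the doc/http_inspect.txt hunk (@@ -106,9 +106,6 @@), the text no longer says anything about how detained_inspection interacts with a finite response_depth. Deleting the "only functions with response_depth = -1" paragraph is right once the restriction is gone, but operators running inline (-Q) need to know what happens to a response body that extends past the configured depth. Suggest replacing the removed paragraph with one sentence stating whether detention stops at response_depth and how the remainder of the body is handled, rather than leaving the section silent.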
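Review bot: in the http_msg_header.cc hunk (HttpMsgHeader::prepare_body(), @@ -303,8 +303,7 @@), the dropped term was params->request_depth == -1, while the expression is already restricted to source_id == SRC_SERVER and the documentation described the limit as response_depth = -1. The old gate therefore looks like it keyed on the wrong parameter. Please say so in the commit message so that the behavior change is clear to anyone bisecting. The visible lines also add nothing that handles a response body reaching a finite depth while detention is active. Point to where that case is covered, or add a test with detained_inspection = true and a limited response_depth that checks detained data is released once the depth is hit. The comment "Limitations on detained inspection will be lifted as the feature is built out" could also list the remaining limits (server side only, CMP_NONE) now that the depth one is gone.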