From af13d4de180515f92813befc9bca06b66f7233bb Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Thu, 25 Feb 2021 22:38:34 +0100
Subject: [PATCH] detect: set HTTP SWF decompress limits

---
 suricata.yaml.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 8534f7ee9d..c1e6c207f5 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -872,8 +872,8 @@ app-layer:
            swf-decompression:
              enabled: yes
              type: both
-             compress-depth: 0
-             decompress-depth: 0
+             compress-depth: 100kb
+             decompress-depth: 100kb
 
            # Use a random value for inspection sizes around the specified value.
            # This lowers the risk of some evasion techniques but could lead
-- 
2.47.2