Upgrading Suricata 1.3 to Suricata 1.3.1

Suricata 1.3.1 is a small update over 1.3, so there have been few visible changes.

HTTP double decoding

In 1.3, Suricata always double-decoded the complete URI. In 1.3.1 this has been changed: the decoding once again depends on the selected server personality. To enable double decoding again, two per-server options were added:

double-decode-path: <yes|no>
double-decode-query: <yes|no>

Both default to "no".

Example config:

libhtp:
   default-config:
     personality: IDS
     request-body-limit: 3072
     response-body-limit: 3072
     double-decode-path: yes
     double-decode-query: no

For a discussion about this see tickets #464 and #504.
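
The following is an added example, not Suricata or libhtp code. It is a simplified Python model of how the two options change the normalized URI that rules are matched against. It assumes one decoding pass is always applied, ignores the personality setting, and uses a constructed sample URI; the function names are hypothetical.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample request URI: "%25" decodes to "%", so "%2561" needs
# two decoding passes to become "a" and "%2568" needs two to become "h".
SAMPLE_URI = "/docs/%2561bout?q=%2568ello"


def decode_once(part: str) -> str:
    """Apply a single percent-decoding pass; invalid escapes are left as-is."""
    return unquote_to_bytes(part).decode("latin-1")


def normalize_uri(uri: str, double_decode_path: bool = False,
                  double_decode_query: bool = False) -> str:
    """Model of the normalized URI under the two 1.3.1 options.

    Assumption: the first decoding pass always happens; the options only
    control whether a second pass is applied to the path and to the query.
    """
    path, sep, query = uri.partition("?")
    path = decode_once(path)
    if double_decode_path:
        path = decode_once(path)
    query = decode_once(query)
    if double_decode_query:
        query = decode_once(query)
    return path + sep + query


def content_matches(content: str, uri: str, **options: bool) -> bool:
    """Would a rule looking for `content` in the normalized URI match?"""
    return content in normalize_uri(uri, **options)


if __name__ == "__main__":
    settings = {
        "1.3.1 defaults (both no)": {},
        "example config (path yes, query no)": {"double_decode_path": True},
        "1.3 behaviour (both yes)": {"double_decode_path": True,
                                     "double_decode_query": True},
    }
    for label, opts in settings.items():
        print(f"{label:38} -> {normalize_uri(SAMPLE_URI, **opts)}")
    # A rule written against the decoded path only matches with the option on.
    print(content_matches("/docs/about", SAMPLE_URI))
    print(content_matches("/docs/about", SAMPLE_URI, double_decode_path=True))
```

Rules written and tested against 1.3 that rely on the fully decoded URI should be re-checked after the upgrade, since with both options at their default the second pass no longer runs.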