[Oisf-devel] libhtp - Exposing only query normalization through htp_config.h
Ivan Ristic
ivan.ristic at gmail.com
Wed Jun 19 09:45:25 UTC 2013
On Tue, Jun 18, 2013 at 3:02 PM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
> * Missed replying to the list
>
> On Mon, Jun 17, 2013 at 6:35 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
>> On Mon, Jun 17, 2013 at 9:19 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>>> htp_config_register_urlencoded_parser() registers 2 hooks, one for
>>> the request query and the other for the request body. Can libhtp
>>> expose through a conf function the registration of just the query
>>> hook?
>>
>> Possibly, but it depends on why you want it?
>>
>
> I don't have a need for the decoded request body.
So in Suricata you don't have any per-parameter signatures? The best
way forward for you would then be to switch off both urlencoded and
multipart parsers, then? (Assuming you also choose not to reconstruct
the query from individual parameters, per the other thread.)
I am guessing that you do have some signatures that you apply to the
request body (after decompression and dechunking)? Do you perform URL
decoding first?
> --
> -------------------------------
> Anoop Saldanha
> http://www.poona.me
> -------------------------------
--
Ivan Ristić
More information about the Oisf-devel
mailing list