[Oisf-devel] enhancement requests for app-layer-detect-proto on suricata
rmkml
rmkml at free.fr
Mon May 3 07:23:43 UTC 2010
Hi,
First, Im request enhancement for app-layer-detect-proto, by adding space or tab after http method. For low cost (doubling existing http content) but maybe reducing FP, like this:
"GET|20|"
"GET|09|"
...
Second, why you don't have "/" after http server response/reply like this:
"HTTP/"
for reducing, of course, possible FP.
Third, It is possible adding HEAD http method please ?
Regards
Rmkml
More information about the Oisf-devel
mailing list