Feature #234
closedadd option disable/enable individual app layer protocol inspection modules
Description
Not everyone is interested in having all app layer parsing/inspection modules enabled all the time. In the suricata.yaml configuration file we should give the user the option to disable individual parsers.
Ideas for how this should be done in the configuration file are welcome.
Updated by delta yeh almost 14 years ago
how about
app-layer-modules:
-http
-ftp
-ssh
those module not in this list would not be enabled.
Updated by Victor Julien almost 14 years ago
I think I would prefer something like:
app-layer-parsers:
- http
enabled: yes
- ftp
enabled: no
This would allow us to add other options to them...
Thoughts?
Updated by delta yeh over 13 years ago
Victor Julien wrote:
I think I would prefer something like:
app-layer-parsers:
- http
enabled: yes
- ftp
enabled: noThis would allow us to add other options to them...
Thoughts?
Sounds good to me!
Updated by Victor Julien over 13 years ago
- Assignee changed from Victor Julien to Anonymous
This would be fairly easy to implement as we can just disable the parser registration for the disabled protocols.
Updated by delta yeh about 13 years ago
Victor Julien wrote:
This would be fairly easy to implement as we can just disable the parser registration for the disabled protocols.
I will take this.
Updated by Victor Julien about 13 years ago
- Status changed from New to Assigned
- Assignee changed from Anonymous to delta yeh
- Target version set to 1.2
Cool, thanks!
Updated by Victor Julien almost 13 years ago
- Target version changed from 1.2 to TBD
Have you been able to look into this?
Updated by Victor Julien over 12 years ago
- Assignee changed from delta yeh to Anoop Saldanha
- Target version changed from TBD to 1.4beta2
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4beta2 to 1.4beta3
Updated by Victor Julien about 12 years ago
- Priority changed from Normal to Low
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4beta3 to 1.4rc1
Updated by Anoop Saldanha about 12 years ago
Updated by Victor Julien about 12 years ago
- Target version changed from 1.4rc1 to 2.0rc2
Updated by Anoop Saldanha almost 12 years ago
https://github.com/inliniac/suricata/pull/279
The above PR does a lot more than provide a feature to enable/disable app layer modules.
We have an update PP proto detection engine, feature to enable proto detection/parser both of which are now separate options in the conf file, ability to specify detection ports in conf file, sig port validation.
Updated by Victor Julien over 11 years ago
- Priority changed from Low to Normal
- Target version changed from 2.0rc2 to 2.0beta2
Updated by Anoop Saldanha about 11 years ago
- Status changed from Assigned to Closed