Upgrading Suricata 1.3 to Suricata 1.3.1¶
Suricata 1.3.1 is a small update over 1.3, so there have been few visible changes.
HTTP double decoding¶
In 1.3 Suricata double decoded the complete URI in any case. For 1.3.1 this has been changed. The decoding now again depends on the selected server personality. To enable double decoding again 2 per server options were added:
Both default to "no".
libhtp: default-config: personality: IDS request-body-limit: 3072 response-body-limit: 3072 double-decode-path: yes double-decode-query: no