What are inspection limits and how do they work in IPS mode?
For example:
request-body-minimal-inspect-size and request-body-inspect-window?
My understanding is this:
When the first??? request-body-minimal-inspect-size bytes have arrived, Suricata starts the HTTP request body inspection process using a sliding window of size request-body-inspect-window bytes. Does this sliding window work only with continuous HTTP (TCP) data? Can you explain this process to me, please? Thanks.