libhtp:
default-config:
personality: IDS
# Can be specified in kb, mb, gb. Just a number indicates
# it's in bytes.
request-body-limit: 100kb
response-body-limit: 100kb
# inspection limits
request-body-minimal-inspect-size: 32kb
request-body-inspect-window: 4kb
response-body-minimal-inspect-size: 40kb
response-body-inspect-window: 16kb
# response body decompression (0 disables)
response-body-decompress-layer-limit: 2
# auto will use http-body-inline mode in IPS mode, yes or no set it statically
http-body-inline: auto
# Decompress SWF files.
# Two types: 'deflate', 'lzma', 'both' will decompress deflate and lzma
# compress-depth:
# Specifies the maximum amount of data to decompress,
# set 0 for unlimited.
# decompress-depth:
# Specifies the maximum amount of decompressed data to obtain,
# set 0 for unlimited.
swf-decompression:
enabled: yes
type: both
compress-depth: 100kb
decompress-depth: 100kb
# Use a random value for inspection sizes around the specified value.
# This lowers the risk of some evasion techniques but could lead
# to detection change between runs. It is set to 'yes' by default.
#randomize-inspection-sizes: yes
# If "randomize-inspection-sizes" is active, the value of various
# inspection size will be chosen from the [1 - range%, 1 + range%]
# range
# Default value of "randomize-inspection-range" is 10.
#randomize-inspection-range: 10
# decoding
double-decode-path: no
double-decode-query: no