#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "hi_return_codes.h"
#include "hi_util_xmalloc.h"
#include "hi_ui_server_lookup.h"
#include "hi_ui_config.h"
Go to the source code of this file.
Functions | |
| int | hi_ui_config_init_global_conf (HTTPINSPECT_GLOBAL_CONF *GlobalConf) |
| int | hi_ui_config_default (HTTPINSPECT_GLOBAL_CONF *GlobalConf) |
| int | hi_ui_config_reset_global (HTTPINSPECT_GLOBAL_CONF *GlobalConf) |
| int | hi_ui_config_reset_server (HTTPINSPECT_CONF *ServerConf) |
| int | hi_ui_config_set_profile_apache (HTTPINSPECT_CONF *ServerConf) |
| int | hi_ui_config_set_profile_iis (HTTPINSPECT_CONF *ServerConf, int *iis_unicode_map) |
| int | hi_ui_config_set_profile_all (HTTPINSPECT_CONF *ServerConf, int *iis_unicode_map) |
| int | hi_ui_config_add_server (HTTPINSPECT_GLOBAL_CONF *GlobalConf, unsigned long ServerIP, HTTPINSPECT_CONF *ServerConf) |
This file deals with configuring HttpInspect processing. It contains routines to set a default configuration, add server configurations, etc.
NOTES:
Definition in file hi_ui_config.c.
|
||||||||||||||||
|
Add a server config to the HttpInspect configuration. This function takes an IP address of a server and an HttpInspect configuration, and assigns the configuration to the IP address in a lookup table.
Definition at line 376 of file hi_ui_config.c. References HI_SUCCESS, hi_ui_server_lookup_add(), and s_HTTPINSPECT_GLOBAL_CONF::server_lookup. Referenced by ProcessUniqueServerConf(). |
|
|
|
Initialize the HttpInspect global configuration. The main point of this function is to initialize the server lookup type. We also do things like memset, etc.
Definition at line 50 of file hi_ui_config.c. References HI_SUCCESS, hi_ui_server_lookup_init(), memset, and s_HTTPINSPECT_GLOBAL_CONF::server_lookup. Referenced by HttpInspectInit(). |
|
|
This function resets the global parameters, THIS IS NOT THE GLOBAL SERVER CONFIGURATION.
Definition at line 137 of file hi_ui_config.c. References HI_SUCCESS, s_HTTPINSPECT_GLOBAL_CONF::iis_unicode_map, and s_HTTPINSPECT_GLOBAL_CONF::inspection_type. Referenced by HttpInspectSnortConf(). |
|
|
This function resets a server construct.
Definition at line 158 of file hi_ui_config.c. References HI_SUCCESS, and memset. Referenced by hi_ui_config_set_profile_all(), hi_ui_config_set_profile_apache(), hi_ui_config_set_profile_iis(), HttpInspectSnortConf(), and ProcessUniqueServerConf(). |
|
||||||||||||
|
Set an HTTPINSPECT_CONF to catch all attacks and evasions. This basically turns on all the tricks and most of the alerts, so you won't miss anything that HttpInspect does.
Definition at line 302 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::bare_byte, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::double_decoding, s_HTTPINSPECT_CONF::flow_depth, HI_INVALID_ARG, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::iis_backslash, s_HTTPINSPECT_CONF::iis_delimiter, s_HTTPINSPECT_CONF::iis_unicode, s_HTTPINSPECT_CONF::iis_unicode_map, s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, NULL, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::tab_uri_delimiter, s_HTTPINSPECT_CONF::u_encoding, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile(). |
|
|
Set an HTTPINSPECT_CONF to mimic apache configuration. This sets a server configuration to imitate an apache web server, and should reduce false positives against systems on which certain attacks or evasions do not work. We hope to still log an event, but one that is less priority.
Definition at line 184 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::flow_depth, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::tab_uri_delimiter, s_HTTPINSPECT_CONF::utf_8, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile(). |
|
||||||||||||
|
Set an HTTPINSPECT_CONF to mimic IIS configuration. This sets a server configuration to imitate an IIS web server, and should reduce false positives against systems on which certain attacks or evasions do not work. We hope to still log an event, but one that is less priority.
Definition at line 234 of file hi_ui_config.c. References s_HTTPINSPECT_CONF_OPT::alert, s_HTTPINSPECT_CONF::apache_whitespace, s_HTTPINSPECT_CONF::ascii, s_HTTPINSPECT_CONF::bare_byte, s_HTTPINSPECT_CONF::chunk_length, s_HTTPINSPECT_CONF::directory, s_HTTPINSPECT_CONF::double_decoding, s_HTTPINSPECT_CONF::flow_depth, HI_INVALID_ARG, HI_SUCCESS, hi_ui_config_reset_server(), s_HTTPINSPECT_CONF::iis_backslash, s_HTTPINSPECT_CONF::iis_delimiter, s_HTTPINSPECT_CONF::iis_unicode, s_HTTPINSPECT_CONF::iis_unicode_map, s_HTTPINSPECT_CONF::multiple_slash, s_HTTPINSPECT_CONF::non_strict, NULL, s_HTTPINSPECT_CONF_OPT::on, s_HTTPINSPECT_CONF::u_encoding, and s_HTTPINSPECT_CONF::webroot. Referenced by ProcessProfile(). |
1.4.2