diff --git a/README.md b/README.md index 14bf7281..5df682d8 100644 --- a/README.md +++ b/README.md @@ -202,7 +202,6 @@ rule-files: This ruleset includes online domains only. It enables Suricata to detect malicious HTTPS-enabled domains by inspecting the SNI in the [unencrypted ClientHello](https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications) message. There is increasing support for encrypted Client Hello which defeats SNI inspection. - ## Splunk A CSV file for Splunk [lookup](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions). diff --git a/src/ids.js b/src/ids.js index ba566e1b..58c08d29 100644 --- a/src/ids.js +++ b/src/ids.js @@ -39,6 +39,8 @@ for await (const domain of domains.readLines()) { sid++ } +suricataSni.close() + for await (const line of urls.readLines()) { if (!URL.canParse(`http://${line}`)) { console.error(`Invalid URL: ${line}`) @@ -61,5 +63,4 @@ for await (const line of urls.readLines()) { snort2.close() snort3.close() suricata.close() -suricataSni.close() splunk.close()
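Review bot: The only change in the README.md hunk is dropping a blank line above `## Splunk`, which is unrelated to the stream handling changed in src/ids.js. Check that one blank line still separates the Suricata SNI paragraph from the heading, since some Markdown linters and renderers expect it, and consider moving whitespace cleanup into its own commit.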
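Review bot: In the first src/ids.js hunk, the new `suricataSni.close()` between the `domains` loop and the `urls` loop is only correct if nothing in the `urls` loop writes to `suricataSni`, and the body of that loop is not fully visible in this patch. Please confirm that, and add a one-line comment above the call saying the SNI ruleset is domain-only (the README states "This ruleset includes online domains only"), so the early close reads as intentional.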
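Review bot: With `suricataSni.close()` removed from the final block in the second src/ids.js hunk, four streams are closed at the end of the script and one in the middle, and nothing at the end points to the earlier call. A short comment next to `snort2.close()` noting that `suricataSni` is closed after the `domains` loop would keep a later cleanup from re-adding it there and closing the stream twice.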