diff --git a/include/NetworkInterface.h b/include/NetworkInterface.h index ca0462de63..4cd40888c8 100644 --- a/include/NetworkInterface.h +++ b/include/NetworkInterface.h @@ -366,8 +366,7 @@ class NetworkInterface : public Checkpointable { void getnDPIStats(nDPIStats *stats, AddressTree *allowed_hosts, const char *host_ip, u_int16_t vlan_id); void periodicStatsUpdate(); virtual void lua(lua_State* vm); - void getnDPIProtocols(lua_State *vm); - void getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t filter); + void getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t filter, bool skip_critical); void setnDPIProtocolCategory(u_int16_t protoId, ndpi_protocol_category_t protoCategory); int getActiveHostsList(lua_State* vm, diff --git a/include/Utils.h b/include/Utils.h index d2483e9485..0b6ee805c2 100755 --- a/include/Utils.h +++ b/include/Utils.h @@ -98,6 +98,7 @@ class Utils { static void initRedis(Redis **r, const char *redis_host, const char *redis_password, u_int16_t redis_port, u_int8_t _redis_db_id); static bool str2DetailsLevel(const char *details, DetailsLevel *out); static u_int32_t roundTime(u_int32_t now, u_int32_t rounder, int32_t offset_from_utc); + static bool isCriticalNetworkProtocol(u_int16_t protocol_id); /* Patricia Tree */ static patricia_node_t* ptree_match(patricia_tree_t *tree, int family, void *addr, int bits); diff --git a/scripts/lua/find_app.lua b/scripts/lua/find_app.lua index 7bc04bfa30..5a50c67b92 100644 --- a/scripts/lua/find_app.lua +++ b/scripts/lua/find_app.lua @@ -16,10 +16,11 @@ local results = res.results local ifid = _GET["ifId"] local query = string.lower(_GET["query"]) +local skip_critical = _GET["skip_critical"] interface.select(ifid) -local protocols = interface.getnDPIProtocols() +local protocols = interface.getnDPIProtocols(nil, toboolean(skip_critical)) for proto, id in pairsByKeys(protocols, asc_insensitive) do if string.contains(string.lower(proto), query) then 
diff --git a/scripts/lua/modules/http_lint.lua b/scripts/lua/modules/http_lint.lua index f0edda4a1c..3ce0118977 100644 --- a/scripts/lua/modules/http_lint.lua +++ b/scripts/lua/modules/http_lint.lua @@ -1077,6 +1077,7 @@ local known_parameters = { ["adaptive_rate"] = validateBool, ["slow_pass_shaper_perc"] = validateNumber, ["slower_pass_shaper_perc"] = validateNumber, + ["skip_critical"] = validateBool, -- json POST DATA ["payload"] = validateJSON diff --git a/src/Host.cpp b/src/Host.cpp index 362a929ff1..75d33b321f 100644 --- a/src/Host.cpp +++ b/src/Host.cpp @@ -1206,6 +1206,11 @@ TrafficShaper* Host::get_shaper(ndpi_protocol ndpiProtocol, bool isIngress) { if (iface->getL7Policer() && getMac() && (getMac()->locate() != located_on_lan_interface)) { return iface->getL7Policer()->getShaper(DEFAULT_SHAPER_ID); } + + // Avoid dropping critical protocols + if(Utils::isCriticalNetworkProtocol(ndpiProtocol.master_protocol) || + Utils::isCriticalNetworkProtocol(ndpiProtocol.app_protocol)) + return iface->getL7Policer()->getShaper(PASS_ALL_SHAPER_ID); #endif if(iface->getL7Policer()) policy = iface->getL7Policer()->getIpPolicy(get_host_pool()); @@ -1244,7 +1249,7 @@ TrafficShaper* Host::get_shaper(ndpi_protocol ndpiProtocol, bool isIngress) { // Try to get a specific shaper getProtocolShaper(ndpiProtocol, policy, &shaper_id, isIngress); -#endif +#endif // HAVE_NEDGE } #ifdef SHAPER_DEBUG diff --git a/src/Lua.cpp b/src/Lua.cpp index 906529445c..194394fbe6 100644 --- a/src/Lua.cpp +++ b/src/Lua.cpp @@ -3287,7 +3287,8 @@ static int ntop_interface_name2id(lua_State* vm) { static int ntop_get_ndpi_protocols(lua_State* vm) { NetworkInterface *ntop_interface = getCurrentInterface(vm); - ndpi_protocol_category_t category_filter; + ndpi_protocol_category_t category_filter = (ndpi_protocol_category_t)((u_int8_t)-1); + bool skip_critical = false; if(ntop_interface == NULL) ntop_interface = getCurrentInterface(vm); 
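Review bot: The added early return in the first src/Host.cpp hunk calls `iface->getL7Policer()->getShaper(PASS_ALL_SHAPER_ID)` without checking the policer pointer, while the branch just above it and the `if(iface->getL7Policer()) policy = ...` line just below both treat it as possibly NULL. Guard it the same way: `if(iface->getL7Policer() && (Utils::isCriticalNetworkProtocol(ndpiProtocol.master_protocol) || Utils::isCriticalNetworkProtocol(ndpiProtocol.app_protocol)))`. The exemption also fires when either the master or the application protocol matches, and it runs before the host pool policy is looked up. Any flow nDPI labels DNS or DHCP is therefore never shaped; the comment should state that trade-off so operators know to watch per-host DNS volume separately. get_shaper starts and ends outside this hunk.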
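Review bot: In the first src/Lua.cpp hunk, `(ndpi_protocol_category_t)((u_int8_t)-1)` is an unnamed "no filter" sentinel that must stay in step with the `filter == (u_int8_t)-1` test in the NetworkInterface::getnDPIProtocols hunk further down, and nothing ties the two together. Give it one shared name, for example `#define NO_CATEGORY_FILTER ((ndpi_protocol_category_t)((u_int8_t)-1))` (the name is only a suggestion), and document it next to the declaration in include/NetworkInterface.h. If the enum has no fixed underlying type and 255 lies outside its enumerator range, the cast itself is not well defined in C++. Using NDPI_PROTOCOL_NUM_CATEGORIES as the "any" value, or a separate bool, would avoid that. ntop_get_ndpi_protocols continues past the end of this hunk.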
@@ -3302,11 +3303,10 @@ static int ntop_get_ndpi_protocols(lua_State* vm) { if(category_filter >= NDPI_PROTOCOL_NUM_CATEGORIES) return(CONST_LUA_ERROR); + } + if((lua_type(vm, 2) == LUA_TBOOLEAN)) skip_critical = lua_toboolean(vm, 2); - ntop_interface->getnDPIProtocols(vm, category_filter); - } else - ntop_interface->getnDPIProtocols(vm); - + ntop_interface->getnDPIProtocols(vm, category_filter, skip_critical); return(CONST_LUA_OK); } diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp index 989522cacd..848c1c653f 100644 --- a/src/NetworkInterface.cpp +++ b/src/NetworkInterface.cpp @@ -4651,28 +4651,13 @@ u_int NetworkInterface::purgeIdleHostsMacsASesVlans() { /* *************************************** */ -void NetworkInterface::getnDPIProtocols(lua_State *vm) { - int i; - - lua_newtable(vm); - - for(i=0; i<(int)ndpi_struct->ndpi_num_supported_protocols; i++) { - char buf[8]; - - snprintf(buf, sizeof(buf), "%d", i); - lua_push_str_table_entry(vm, ndpi_struct->proto_defaults[i].protoName, buf); - } -} - -/* *************************************** */ - void NetworkInterface::setnDPIProtocolCategory(u_int16_t protoId, ndpi_protocol_category_t protoCategory) { ndpi_set_proto_category(ndpi_struct, protoId, protoCategory); } /* **************************************************** */ -void NetworkInterface::getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t filter) { +void NetworkInterface::getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t filter, bool skip_critical) { int i; lua_newtable(vm); 
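Review bot: In the second src/Lua.cpp hunk, a second argument that is present but not a boolean (a string or a number, say) is silently treated as skip_critical = false, whereas the out-of-range category just above returns CONST_LUA_ERROR. For consistency I would reject it explicitly after the boolean check: `else if(lua_type(vm, 2) != LUA_TNIL && lua_type(vm, 2) != LUA_TNONE) return(CONST_LUA_ERROR);`. That still accepts an omitted or nil argument, which is what find_app.lua may pass if toboolean() yields nil for a missing parameter. The start of ntop_get_ndpi_protocols is outside this hunk.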
@@ -4680,7 +4665,8 @@ void NetworkInterface::getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t for(i=0; i<(int)ndpi_struct->ndpi_num_supported_protocols; i++) { char buf[8]; - if(ndpi_struct->proto_defaults[i].protoCategory == filter) { + if(((filter == (u_int8_t)-1) || ndpi_struct->proto_defaults[i].protoCategory == filter) && + (!skip_critical || !Utils::isCriticalNetworkProtocol(i))) { snprintf(buf, sizeof(buf), "%d", i); lua_push_str_table_entry(vm, ndpi_struct->proto_defaults[i].protoName, buf); } diff --git a/src/Utils.cpp b/src/Utils.cpp index e3f19200d2..7366a998cf 100755 --- a/src/Utils.cpp +++ b/src/Utils.cpp @@ -2611,6 +2611,12 @@ bool Utils::str2DetailsLevel(const char *details, DetailsLevel *out) { /* ****************************************************** */ +bool Utils::isCriticalNetworkProtocol(u_int16_t protocol_id) { + return (protocol_id == NDPI_PROTOCOL_DNS) || (protocol_id == NDPI_PROTOCOL_DHCP); +} + +/* ****************************************************** */ + u_int32_t Utils::roundTime(u_int32_t now, u_int32_t rounder, int32_t offset_from_utc) { now -= (now % rounder); now += rounder; /* Aligned to midnight UTC */
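Review bot: Utils::isCriticalNetworkProtocol() in the src/Utils.cpp hunk has no comment saying what "critical" means, although this commit uses it both to return the pass-all shaper in Host::get_shaper and to hide entries in getnDPIProtocols. I would add above the definition `/* Protocols needed for basic connectivity: never shaped (see Host::get_shaper) and optionally hidden from protocol lists. Every id added here bypasses shaping policy, so keep the set minimal. */`, with a matching one-line note on the declaration in include/Utils.h. Documenting this matters because the list is effectively an allow-list for traffic that skips enforcement.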