Feature #1017
closedAdd support for content-range
Description
The 'Content-Range' is currently not supported by libhtp. For suricata this means that the information that 'Content-Range' has been used in a request is not seen anywhere. This is an issue for file extraction. There is no possible strategy to rebuild easily a binary with an external script if the content information is not present.
An other point is that this could trigger error on md5sum checking. For example, if an alert fires when a unknown file is downloaded from a server (by checking md5 list) then using 'Content-Range' will lead to a different md5 and then result in an invalid alert. Regarding this point, adding a simple header match to 'Content-Range' could help not to fire.
To add this support, libhtp would need to be patched and then suricata will need to be updated.
Updated by Victor Julien about 11 years ago
- Target version set to TBD
Updated by Victor Julien over 5 years ago
- Related to Feature #1576: http: byte-range support added
Updated by Victor Julien almost 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 6.0.0beta1
Updated by Philippe Antoine almost 5 years ago
To me, this is a duplicate of #1576
Am I missing something ?
Updated by Philippe Antoine over 4 years ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine over 4 years ago
- Status changed from In Review to Closed
- Target version changed from 6.0.0beta1 to TBD
Updated by Victor Julien over 4 years ago
- Assignee deleted (
Philippe Antoine) - Target version deleted (
TBD)
Updated by Victor Julien over 4 years ago
- Related to deleted (Feature #1576: http: byte-range support)
Updated by Victor Julien over 4 years ago
- Is duplicate of Feature #1576: http: byte-range support added