Project

General

Profile

Feature #1017

Add support for content-range

Added by Eric Leblond over 6 years ago. Updated 5 months ago.

Status:
In Review
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

The 'Content-Range' is currently not supported by libhtp. For suricata this means that the information that 'Content-Range' has been used in a request is not seen anywhere. This is an issue for file extraction. There is no possible strategy to rebuild easily a binary with an external script if the content information is not present.

An other point is that this could trigger error on md5sum checking. For example, if an alert fires when a unknown file is downloaded from a server (by checking md5 list) then using 'Content-Range' will lead to a different md5 and then result in an invalid alert. Regarding this point, adding a simple header match to 'Content-Range' could help not to fire.

To add this support, libhtp would need to be patched and then suricata will need to be updated.


Related issues

Related to Feature #1576: http: byte-range supportAssignedPhilippe AntoineActions
#2

Updated by Andreas Herz over 4 years ago

  • Assignee set to OISF Dev
#3

Updated by Victor Julien over 4 years ago

Related to #1576

#4

Updated by Victor Julien about 1 year ago

#5

Updated by Victor Julien 6 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine
  • Target version changed from TBD to 6.0.0rc1
#6

Updated by Philippe Antoine 5 months ago

To me, this is a duplicate of #1576
Am I missing something ?

#7

Updated by Philippe Antoine 5 months ago

  • Status changed from Assigned to In Review

Also available in: Atom PDF