Feature #1017
closedAdd support for content-range
Description
The 'Content-Range' is currently not supported by libhtp. For suricata this means that the information that 'Content-Range' has been used in a request is not seen anywhere. This is an issue for file extraction. There is no possible strategy to rebuild easily a binary with an external script if the content information is not present.
An other point is that this could trigger error on md5sum checking. For example, if an alert fires when a unknown file is downloaded from a server (by checking md5 list) then using 'Content-Range' will lead to a different md5 and then result in an invalid alert. Regarding this point, adding a simple header match to 'Content-Range' could help not to fire.
To add this support, libhtp would need to be patched and then suricata will need to be updated.
VJ Updated by Victor Julien over 12 years ago
- Target version set to TBD
AH Updated by Andreas Herz over 10 years ago
- Assignee set to OISF Dev
VJ Updated by Victor Julien over 10 years ago
Related to #1576
VJ Updated by Victor Julien about 7 years ago
- Related to Feature #1576: http: byte-range support added
VJ Updated by Victor Julien about 6 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 6.0.0beta1
PA Updated by Philippe Antoine about 6 years ago
To me, this is a duplicate of #1576
Am I missing something ?
PA Updated by Philippe Antoine about 6 years ago
- Status changed from Assigned to In Review
PA Updated by Philippe Antoine almost 6 years ago
- Status changed from In Review to Closed
- Target version changed from 6.0.0beta1 to TBD
VJ Updated by Victor Julien almost 6 years ago
- Assignee deleted (
Philippe Antoine) - Target version deleted (
TBD)
VJ Updated by Victor Julien almost 6 years ago
- Related to deleted (Feature #1576: http: byte-range support)
VJ Updated by Victor Julien almost 6 years ago
- Is duplicate of Feature #1576: http: byte-range support added