Feature #1017
closedAdd support for content-range
Description
The 'Content-Range' is currently not supported by libhtp. For suricata this means that the information that 'Content-Range' has been used in a request is not seen anywhere. This is an issue for file extraction. There is no possible strategy to rebuild easily a binary with an external script if the content information is not present.
An other point is that this could trigger error on md5sum checking. For example, if an alert fires when a unknown file is downloaded from a server (by checking md5 list) then using 'Content-Range' will lead to a different md5 and then result in an invalid alert. Regarding this point, adding a simple header match to 'Content-Range' could help not to fire.
To add this support, libhtp would need to be patched and then suricata will need to be updated.