Project

General

Profile

Actions

Feature #1017

closed

Add support for content-range

Added by Eric Leblond about 11 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:

Description

The 'Content-Range' is currently not supported by libhtp. For suricata this means that the information that 'Content-Range' has been used in a request is not seen anywhere. This is an issue for file extraction. There is no possible strategy to rebuild easily a binary with an external script if the content information is not present.

An other point is that this could trigger error on md5sum checking. For example, if an alert fires when a unknown file is downloaded from a server (by checking md5 list) then using 'Content-Range' will lead to a different md5 and then result in an invalid alert. Regarding this point, adding a simple header match to 'Content-Range' could help not to fire.

To add this support, libhtp would need to be patched and then suricata will need to be updated.


Related issues 1 (0 open1 closed)

Is duplicate of Suricata - Feature #1576: http: byte-range supportClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF