Project

General

Profile

Actions

Feature #2280

open

http: rules that match both request and response

Added by Victor Julien over 6 years ago. Updated over 2 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Introduce support for matching on fields from both request and response side in a single rule in http.

This will have some limitations around body matching.


Related issues 3 (3 open0 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Task #3288: Suricon 2019 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #5665: rules: bidirectional transaction matchingIn ReviewPhilippe AntoineActions
Actions #1

Updated by Andreas Herz over 6 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Victor Julien over 6 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
Actions #3

Updated by Victor Julien over 6 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added
Actions #4

Updated by Victor Julien over 4 years ago

  • Related to Task #3288: Suricon 2019 brainstorm added
Actions #5

Updated by Philippe Antoine over 2 years ago

I do not understand what is expected here...

Actions #6

Updated by xiaolong li over 2 years ago

Philippe Antoine wrote in #note-5:

I do not understand what is expected here...

How to match http GET request with 404 NOT FOUND response?

Actions #7

Updated by Victor Julien over 1 year ago

  • Related to Feature #5665: rules: bidirectional transaction matching added
Actions

Also available in: Atom PDF