Project

General

Profile

Actions

Feature #2416

closed

Increase XFF coverage to files and http log

Added by Maurizio Abba almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

XFF support is restricted to alert events. It would be nice to increase its coverage to HTTP and alert.

This modification will require the transformation of the HttpXFFGetIP to accept flows instead of packets. This function will anyway only use p->flow, using the flow directly instead of the single packet will obtain the same effect and allow to get the correct IPs.

Actions

Also available in: Atom PDF