Feature #2689
closed
http: Normalized HTTP client body buffer
Description
Currently the 'http_uri' buffer is normalized. This is a request to extend the same normalization (URI decode) to the 'http_client_body' buffer.
This would probably require a new keyword (e.g. 'http_client_body_norm'). Or you could do something like 'http_client_body,norm', with the default being 'http_client_body,raw' (meaning, 'http_client_body' would be the same as 'http_client_body,raw'). This would ensure this functionality would not break current rules. However, the proposed keyword nomenclature may not be congruent with current standards or desired direction so this request is not intended to dictate specific implementation, just functionality.
The decoding of the HTTP client body would be done when the content type is recognized as URL encoded. The easy way to do this is to just look for the 'x-www-form-urlencoded' Content-Type header. Heuristic detection is possible but likely not worth the effort or performance impact (although just relying on the client header provides opportunity for bypass).
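A sketch of the behaviour requested above, as an added example (not Suricata code and not part of the original request): a raw buffer that is left untouched and a normalized buffer that is URI-decoded only when the Content-Type header declares form encoding. The function names, the simplified `content_match` helper, the `+`-to-space handling and the sample body are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

FORM_TYPE = b"application/x-www-form-urlencoded"

# Constructed sample: a form body as a browser would percent-encode it.
SAMPLE_BODY = b"name=test+user&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def is_form_urlencoded(content_type):
    """True when the media type (parameters ignored) is form-urlencoded."""
    if not content_type:
        return False
    media_type = content_type.split(b";", 1)[0].strip().lower()
    return media_type == FORM_TYPE


def client_body_buffers(content_type, body):
    """Return (raw, norm) buffers for one request body.

    raw is always the bytes as received, so existing rules keep matching
    exactly what they match today. norm is the decoded body when the header
    declares form encoding; otherwise it is identical to raw, which is the
    header-only detection the request calls the easy way.
    """
    if is_form_urlencoded(content_type):
        # Assumption: '+' is treated as space (form encoding), and
        # percent-escapes are decoded exactly once.
        norm = unquote_to_bytes(body.replace(b"+", b" "))
    else:
        norm = body
    return body, norm


def content_match(buffer, pattern):
    """Simplified stand-in for a case-insensitive rule content match."""
    return pattern.lower() in buffer.lower()


if __name__ == "__main__":
    cases = [
        ("declared form encoding", b"application/x-www-form-urlencoded; charset=UTF-8"),
        ("other content type", b"text/plain"),
        ("no Content-Type header", None),
    ]
    for label, ctype in cases:
        raw, norm = client_body_buffers(ctype, SAMPLE_BODY)
        print(f"{label}: raw match={content_match(raw, b'<script>')}, "
              f"norm match={content_match(norm, b'<script>')}")
```

The second and third cases show the caveat from the request: when the header does not declare form encoding, the normalized buffer is the same as the raw one, so a rule written against decoded content does not match.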