Project

General

Profile

Bug #2810

enabling add request/response http headers in master

Added by Peter Manev 6 days ago. Updated 6 days ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
Affected Versions:
Effort:
Difficulty:

Description

I was trying out the new response/request header feature ( https://github.com/OISF/suricata/pull/3639 - many thanks for the contribution !) for login and noticed the following

Using latest master as of the time of posting this issue:

suricata -V
This is Suricata version 5.0.0-dev (rev 6c0ec0b2)

Default in yaml

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            # dump-all-headers: [both, request, response]

Given the default setting above in yaml a user may just try to adjust the dump-all-headers and use only "both" or "request, response" inside the []. In those cases the logging of the response/request headers will not work as intended (at least in my tests). See bellow:

Does not work

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: [request, response]

Does not work
            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: [both]

Does not work
            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: "response, request" 

Works
            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: "both" 

Thanks Andreas for the pointer.

History

#1

Updated by Victor Julien 6 days ago

  • Assignee set to Maurizio Abba

Also available in: Atom PDF