Actions
Bug #3112
closedengine-analysis warning on http_content_type
Affected Versions:
Effort:
Difficulty:
Label:
Description
With 5.0.0-dev (3a912446a 2019-07-22) on sid 2837960 from ETPro we have a warning on
Rule matches on http uri buffer. Rule matches on http method buffer. Rule matches on http user agent buffer. Rule matches on http header names buffer. App layer protocol is http. Rule contains 1 content options, 5 http content options, 0 pcre options, and 0 pcre options with http modifiers. Fast Pattern "My_App" on "http user agent (http_user_agent)" buffer. Warning: Rule contains content with http_* and content without http_*. -Consider adding http content modifiers.
that is triggered by having http_content_type - however it is a sticky buffer and should not issue that warning. If it is removed (with the following content) there are no warnings.
Updated by Andreas Herz over 5 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Jeff Lucovsky over 5 years ago
- Assignee changed from OISF Dev to Jeff Lucovsky
Not able to reproduce; the output I get is
Updated by Peter Manev over 5 years ago
Updated by Victor Julien over 5 years ago
- Target version changed from TBD to 5.0rc1
Actions