Project

General

Profile

Actions

Bug #3112

closed

engine-analysis warning on http_content_type

Added by Peter Manev about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

With 5.0.0-dev (3a912446a 2019-07-22) on sid 2837960 from ETPro we have a warning on

    Rule matches on http uri buffer.
    Rule matches on http method buffer.
    Rule matches on http user agent buffer.
    Rule matches on http header names buffer.
    App layer protocol is http.
    Rule contains 1 content options, 5 http content options, 0 pcre options, and 0 pcre options with http modifiers.
    Fast Pattern "My_App" on "http user agent (http_user_agent)" buffer.
    Warning: Rule contains content with http_* and content without http_*.
             -Consider adding http content modifiers.


that is triggered by having http_content_type - however it is a sticky buffer and should not issue that warning. If it is removed (with the following content) there are no warnings.

Actions #1

Updated by Andreas Herz about 5 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Peter Manev about 5 years ago

Apologies the rule sid is - 2837959

Actions #3

Updated by Jeff Lucovsky about 5 years ago

  • Assignee changed from OISF Dev to Jeff Lucovsky

Not able to reproduce; the output I get is

Actions #5

Updated by Andreas Herz about 5 years ago

  • Status changed from New to Closed
Actions #6

Updated by Victor Julien about 5 years ago

  • Target version changed from TBD to 5.0rc1
Actions

Also available in: Atom PDF