Actions
Documentation #5485
openDocumentation #5182: userguide: better document rule keywords
userguide: explain that the http.header_names buffer is normalized
Affected Versions:
Effort:
Difficulty:
Label:
Description
libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.
As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.
Updated by Juliana Fajardini Reichow over 1 year ago
- Subject changed from userguide: explain that the http.header_names is normalized to userguide: explain that the http.header_names buffer is normalized
Updated by Jason Taylor 29 days ago
- Assignee changed from OISF Dev to Jason Taylor
This will be/is resolved with the work being done on ticket #3025
Updated by Brandon Murphy 29 days ago
looks like #6779 might be a duplicate of this.
Updated by Juliana Fajardini Reichow 21 days ago
- Related to Bug #6779: http.header_names behavior when encountering duplicate header names added
Actions