Documentation #5485: userguide: explain that the http.header_names buffer is normalized - Suricata - Open Information Security Foundation

Actions

Copy link

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow about 1 year ago. Updated about 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Documentation #5485

userguide: explain that the http.header_names buffer is normalized

Updated by Juliana Fajardini Reichow about 1 year ago

Updated by Juliana Fajardini Reichow about 1 year ago