Documentation #5485: userguide: explain that the http.header_names buffer is normalized - Suricata - Open Information Security Foundation

Actions

Copy link

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow over 1 year ago. Updated 28 days ago.

Status:

New

Priority:

Normal

Assignee:

Jason Taylor

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Documentation #5485

userguide: explain that the http.header_names buffer is normalized

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Juliana Fajardini Reichow over 1 year ago

Updated by Jason Taylor 28 days ago

Updated by Brandon Murphy 28 days ago

Updated by Juliana Fajardini Reichow 21 days ago