Documentation #5485
closed
Documentation #5182: userguide: better document rule keywords
userguide: explain that the http.header_names buffer is normalized
Added by Juliana Fajardini Reichow almost 3 years ago.
Updated 10 days ago.
Description
libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.
As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.
Related issues
1 (1 open — 0 closed)
- Subject changed from userguide: explain that the http.header_names is normalized to userguide: explain that the http.header_names buffer is normalized
- Assignee changed from OISF Dev to Jason Taylor
This will be/is resolved with the work being done on ticket #3025
looks like #6779 might be a duplicate of this.
- Related to Feature #6779: http.header_names behavior when encountering duplicate header names added
- Status changed from New to Assigned
- Target version changed from TBD to 8.0.0-beta1
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
- Status changed from Assigned to In Progress
- Status changed from In Progress to In Review
- Status changed from In Review to Closed
Also available in: Atom
PDF