Project

General

Profile

Actions

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow over 2 years ago. Updated 7 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.


Related issues 1 (1 open0 closed)

Related to Suricata - Bug #6779: http.header_names behavior when encountering duplicate header namesNewOISF DevActions
Actions

Also available in: Atom PDF