Bug #640
closedFeature #775: libhtp 0.5 support
app-layer-event:http.host_header_ambiguous set when it shouldn't
Description
When URI and Host header both contain hostname:port, libhtp thinks they don't match while they actually do.
POST http://xxx.intranet.local:8000/xxx HTTP/1.1 User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_29 Host: xxx.intranet.local:8000
Issue reported to libhtp upstream https://github.com/ironbee/libhtp/issues/33
VJ Updated by Victor Julien over 13 years ago
- Target version changed from 1.4 to 2.0rc2
VJ Updated by Victor Julien about 13 years ago
- Parent task set to #775
VJ Updated by Victor Julien over 12 years ago
- Status changed from New to Assigned
- Assignee changed from Victor Julien to Anoop Saldanha
- Target version changed from 2.0rc2 to 2.0beta1
Part of libhtp 0.5.x upgrade.
Anoop, can you add a unit test case for this?
VJ Updated by Victor Julien over 12 years ago
- Target version changed from 2.0beta1 to 2.0beta2
AS Updated by Anoop Saldanha over 12 years ago
https://github.com/inliniac/suricata/pull/511 introduces this unittest.
it will always pass now since we don't use the flags variable to detect events. I have confirmed the validity of this unittest through manually setting the event from reading the flags var.
We will use the flags event, once Ivan moves to setting events for every error log message. At the same time we can introduce per tx events.
AS Updated by Anoop Saldanha over 12 years ago
- Assignee changed from Anoop Saldanha to Victor Julien
Unittest supplied and merged through -
https://github.com/inliniac/suricata/pull/567
https://buildbot.suricata-ids.org/builders/poona/builds/9
As for the fix, the current master should have the fix for this from Victor's
https://github.com/inliniac/suricata/pull/571
@Victor Have assigned this to you.
VJ Updated by Victor Julien over 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Added 2 more tests. Issue is fixed. Thanks Anoop.