Actions
Feature #6425
closedHTTP/2 - new app-layer-event when `:authority` and `host` headers do not match
Effort:
Difficulty:
Label:
Description
as perf RFC 9113 (HTTP/2)
A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field. The values of fields need to be normalized to compare them (see Section 6.2 of [RFC3986]).
I am requesting a new app-layer-event be created to alert on this condition occurring.
Files
Updated by Victor Julien 6 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 7.0.3
- Label Needs backport to 6.0 added
Brandon, do you have a pcap for this we can use in a SV test?
Updated by Brandon Murphy 6 months ago
Attached pcap of this occurring
Updated by Philippe Antoine 6 months ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine 6 months ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine 5 months ago
- Related to Bug #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present added
Actions