Feature #6425
closed
HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match
Added by Brandon Murphy about 1 year ago.
Updated about 1 year ago.
Description
as perf RFC 9113 (HTTP/2)
A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field. The values of fields need to be normalized to compare them (see Section 6.2 of [RFC3986]).
I am requesting a new app-layer-event be created to alert on this condition occurring.
Files
Related issues
1 (1 open — 0 closed)
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Target version changed from TBD to 7.0.3
- Label Needs backport to 6.0 added
Brandon, do you have a pcap for this we can use in a SV test?
- Label deleted (
Needs backport to 6.0)
Attached pcap of this occurring
- Status changed from Assigned to In Review
- Status changed from In Review to Resolved
- Status changed from Resolved to Closed
- Related to Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are present added
Also available in: Atom
PDF