Project

General

Profile

Actions

Feature #6425

closed

HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match

Added by Brandon Murphy about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

as perf RFC 9113 (HTTP/2)

A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field. The values of fields need to be normalized to compare them (see Section 6.2 of [RFC3986]).

I am requesting a new app-layer-event be created to alert on this condition occurring.


Files

authority_and_host_2.pcap (1.12 KB) authority_and_host_2.pcap Brandon Murphy, 10/30/2023 01:14 PM

Subtasks 1 (0 open1 closed)

Feature #6429: HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match (6.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are presentFeedbackOISF DevActions
Actions

Also available in: Atom PDF