Project

General

Profile

Actions
Copy link

Feature #6425

closed
BM PA

HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match

Feature #6425: HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match

Added by Brandon Murphy over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.3
Effort:
Difficulty:
Label:

Description

as perf RFC 9113 (HTTP/2)

A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field. The values of fields need to be normalized to compare them (see Section 6.2 of [RFC3986]).

I am requesting a new app-layer-event be created to alert on this condition occurring.

Files

authority_and_host_2.pcap (1.12 KB) authority_and_host_2.pcap Brandon Murphy, 10/30/2023 01:14 PM

Subtasks 1 (0 open1 closed)

Feature #6429: HTTP/2 - new app-layer-event when `:authority` and `host` headers do not match (6.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #6424: HTTP/2 - http.host behavior when both :authority pseudo header and host header are presentFeedbackOISF DevActions
Actions
Copy link

Also available in: PDF Atom