https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022012-11-29T06:01:53ZOpen Information Security FoundationSuricata - Feature #650: add support for libhtp event request port doesn't match tcp porthttps://redmine.openinfosecfoundation.org/issues/650?journal_id=25662012-11-29T06:01:53ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Fixed by:</p>
<pre>
commit 9f519e95a275e478051c6f270caced2e93541acf
Author: Victor Julien <victor@inliniac.net>
Date: Fri Nov 23 10:56:22 2012 +0100
http: add event for libhtp detection of request port not matching tcp port.
</pre>
<p>Added:<br /><pre>
# Warn when the port in the Host: header doesn't match the actual TCP Server port.
alert http any any -> any any (msg:"SURICATA HTTP request server port doesn't match TCP port"; flow:established,to_server; app-layer-event:http.request_server_port_tcp_port_mismatch; flowint:http.anomaly.count,+,1; classtype:protocol-
command-decode; sid:2221026; rev:1;)
</pre></p>