Feature #6546

closed

transformation - strip_pseudo_headers

Added by Brandon Murphy 5 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

For HTTP/2 transactions, pseudo headers are included in several buffers (http.header, http.request_header, http.response_header, http.header_names). The inclusion of them in buffers limits options for allowing existing signatures to be compatible with both HTTP/1 and HTTP/2.

Consider the following rule logic:

http.header_names; bsize:16; content:"|0d 0a|User-Agent|0d 0a 0d 0a|"; 

This logic will result in an FN when presented with HTTP/2 traffic due to the inclusion of `:authority`, `:path`, `:scheme` and `:method`.

As such, I'm requesting a transformation that could be used to remove pseudo headers and, when present, their values from a buffer.
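The false negative described in the request above, modelled in Python as an added example that is not part of the original ticket and is not Suricata's code. The buffer layouts, the function names, and the identical `User-Agent` casing across HTTP/1 and HTTP/2 are assumptions made so that only the effect of the pseudo headers is visible.

```python
CRLF = b"\r\n"
PSEUDO = [b":method", b":scheme", b":authority", b":path"]


def header_names_buffer(names):
    """Assumed http.header_names layout: CRLF before each name, CRLF CRLF at the end."""
    return b"".join(CRLF + n for n in names) + CRLF + CRLF


def rule_matches(buf):
    """Model of: bsize:16; content:"|0d 0a|User-Agent|0d 0a 0d 0a|";"""
    return len(buf) == 16 and b"\r\nUser-Agent\r\n\r\n" in buf


def split_lines(buf):
    """Split on LF only, keeping the line terminator on each piece."""
    lines, start = [], 0
    while start < len(buf):
        end = buf.find(b"\n", start)
        end = len(buf) if end == -1 else end + 1
        lines.append(buf[start:end])
        start = end
    return lines


def strip_pseudo_headers(buf):
    """Drop every line starting with ':' (the pseudo header and, if present, its value)."""
    return b"".join(l for l in split_lines(buf) if not l.startswith(b":"))


# Constructed sample buffers, not captured traffic.
H1_NAMES = header_names_buffer([b"User-Agent"])
H2_NAMES = header_names_buffer(PSEUDO + [b"User-Agent"])

if __name__ == "__main__":
    for label, buf in (("HTTP/1", H1_NAMES), ("HTTP/2", H2_NAMES),
                       ("HTTP/2 stripped", strip_pseudo_headers(H2_NAMES))):
        print(f"{label:16} len={len(buf):2} match={rule_matches(buf)}")
```

The content bytes are present in the unstripped HTTP/2 buffer; it is the `bsize:16` check that fails, which is why removing the pseudo-header lines restores the match.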


Subtasks: 1 (0 open, 1 closed)

Feature #6614: transformation - strip_pseudo_headers (7.0.x backport) | Closed | Philippe Antoine
Actions #1

Updated by Victor Julien 5 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine
  • Priority changed from Normal to High
  • Target version changed from TBD to 8.0.0-beta1
  • Label Needs backport to 7.0 added
Actions #2

Updated by OISF Ticketbot 5 months ago

  • Subtask #6614 added
Actions #3

Updated by OISF Ticketbot 5 months ago

  • Label deleted (Needs backport to 7.0)
Actions #4

Updated by Philippe Antoine 5 months ago

  • Status changed from Assigned to In Review
Actions #5

Updated by Philippe Antoine 3 months ago

  • Status changed from In Review to Resolved
Actions #6

Updated by Philippe Antoine 3 months ago

  • Status changed from Resolved to Closed