Actions
Feature #6546
closed
BM
PA
detect/transform: strip_pseudo_headers
Feature #6546:
detect/transform: strip_pseudo_headers
Effort:
Difficulty:
Label:
Description
for HTTP/2 transactions, pseduo headers are included in several buffers (http.header, http.request_header, http.response_header, http.header_names). The inclusion of them in buffers limits options for allowing existing signatures to be compatible with both HTTP/1 and HTTP/2.
Consider the following rule logic:
http.header_names; bsize:16; content:"|0d 0a|User-Agent|0d 0a 0d 0a|";
This logic will result in an FN when presented with HTTP/2 traffic due to the inclusion of `:authority`, `:path`, `:scheme` and `:method`.
As such, i'm requesting a transformation that could be used to remove pseudo headers and, when present, their values from a buffer.
VJ Updated by Victor Julien over 2 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
- Priority changed from Normal to High
- Target version changed from TBD to 8.0.0-beta1
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6614 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 7.0)
PA Updated by Philippe Antoine over 2 years ago
- Status changed from Assigned to In Review
PA Updated by Philippe Antoine about 2 years ago
- Status changed from In Review to Resolved
PA Updated by Philippe Antoine about 2 years ago
- Status changed from Resolved to Closed
VJ Updated by Victor Julien about 1 year ago
- Subject changed from transformation - strip_pseudo_headers to detect/transform: strip_pseudo_headers
Actions