Feature #8516: http: include server header in default eve record as a field

Added by Jason Ish 23 days ago. Updated 16 days ago.

Status: Triaged
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Currently, to get the server header field, you need to dump all headers and extract it from the array. As the server header is commonly used, it makes sense to hoist it up like the user-agent and content-type.


Related issues (3: 2 open, 1 closed)

Related to Suricata - Bug #6173: http: loss of backward compatibility in HTTP logs from v6 to v7 (New, OISF Dev)
Related to Suricata - Task #8549: http: consider making extended the default (Feedback, Jason Ish)
Copied to Suricata - Feature #8520: quic: include server header in default eve record as a field (Rejected, OISF Dev)

Updated by Jason Ish 23 days ago (#1)

  • Related to Bug #6173: http: loss of backward compatibility in HTTP logs from v6 to v7 added

Updated by Philippe Antoine 23 days ago (#2)

  • Status changed from New to Assigned
  • Target version changed from TBD to 9.0.0-beta1

Updated by Jason Ish 23 days ago (#3)

  • Copied to Feature #8520: quic: include server header in default eve record as a field added

Updated by Philippe Antoine 22 days ago (#4)

  • Status changed from Assigned to Triaged

Updated by Jason Ish 17 days ago (#5)

@eleblond @Peter Manev Any thoughts on how to handle the case where there are multiple server headers? We do not handle this for the user agent, either the first or last wins (I'm not sure which). So we could either do:

"http_server": "Caddy"

or

"http_server": ["Caddy", "nginx"]

in the case where you had the server being run by some joker.

Updated by Eric Leblond 16 days ago (#6)

Jason Ish wrote in #note-5:

@eleblond @Peter Manev Any thoughts on how to handle the case where there are multiple server headers? We do not handle this for the user agent, either the first or last wins (I'm not sure which). So we could either do:
[...]
or
[...]
in the case where you had the server being run by some joker.

I would propose to handle it the way we do the user agent (one single string), and get a weirdness-proof output in the "name,value" part of the log.
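
As an added example (not Suricata's code), the following Python walks EVE JSON lines and does what the description says is needed today: it pulls the Server header out of the `response_headers` array that `dump-all-headers` produces, and it shows both answers to the multiple-header question raised in #5 and #6: a single string (first-wins, the shape Eric proposes; since the thread leaves open whether the user-agent handling takes the first or the last, both are selectable) and a list of every value. It also keeps a check that flags responses carrying more than one Server header, which is the "weirdness" that a single string field would hide but the name/value array keeps. The sample records are constructed and trimmed to a few real EVE field names; `http_server` is the field name floated in #5, not an implemented field, and is read only if a record already carries it.

```python
"""Extract the HTTP Server header from Suricata EVE 'http' records.

Added example, not Suricata code. Assumes the EVE layout produced with
`dump-all-headers: both`, where `http.response_headers` is a list of
{"name": ..., "value": ...} objects. `http_server` is the hoisted field
name proposed in the discussion and is only a placeholder here.
"""
import json
from typing import List, Optional, Union

# Constructed sample EVE lines (not captured from a real sensor): a normal
# response, a response with two Server headers, an http record logged
# without dump-all-headers, and a non-http event that must be skipped.
SAMPLE_EVE = """
{"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"example.test","url":"/","http_method":"GET","status":200,"response_headers":[{"name":"Content-Type","value":"text/html"},{"name":"Server","value":"Caddy"}]}}
{"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.11","http":{"hostname":"example.test","url":"/odd","http_method":"GET","status":200,"response_headers":[{"name":"server","value":"Caddy"},{"name":"Server","value":"nginx"}]}}
{"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.12","http":{"hostname":"example.test","url":"/min","http_method":"GET","status":404}}
{"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.test"}}
""".strip()


def server_header_values(http: dict) -> List[str]:
    """Return every Server header value in the response, in wire order.

    Header names are case-insensitive, so 'server' and 'Server' are the
    same header. Returns [] when headers were not dumped at all.
    """
    return [
        h["value"]
        for h in http.get("response_headers", [])
        if h.get("name", "").lower() == "server"
    ]


def hoisted_server(http: dict, policy: str = "first") -> Union[str, List[str], None]:
    """Pick the value a hoisted field would carry.

    policy="first" / "last": one string, like http_user_agent today.
    policy="all":            a list of every value, the alternative shape.
    A record that already has the proposed `http_server` field wins.
    """
    if "http_server" in http:
        return http["http_server"]
    values = server_header_values(http)
    if policy == "all":
        return values
    if not values:
        return None
    return values[0] if policy == "first" else values[-1]


def multiple_server_headers(http: dict) -> bool:
    """Detection helper: True when a response carries more than one Server
    header. Only the header array can reveal this; a single string cannot."""
    return len(server_header_values(http)) > 1


def summarize(eve_lines: str, policy: str = "first") -> List[dict]:
    """Walk EVE JSON lines, keep http events, and report the server value
    together with whether the response looked odd."""
    out = []
    for line in eve_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "http":
            continue
        http = ev["http"]
        out.append({
            "dest_ip": ev["dest_ip"],
            "url": http.get("url"),
            "server": hoisted_server(http, policy),
            "multiple_server_headers": multiple_server_headers(http),
        })
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVE):
        print(json.dumps(row))
```

The third record shows the cost of the current situation: without `dump-all-headers`, there is no Server value to recover at all, which is the gap a hoisted field closes. Keeping the array alongside the hoisted string, as Eric suggests, preserves the multiple-header case for anyone who wants to alert on it.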

Updated by Jason Ish 14 days ago (#7)

  • Related to Task #8549: http: consider making extended the default added