[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0beta1-351-ga8b971c
noreply at openinfosecfoundation.org
noreply at openinfosecfoundation.org
Tue Nov 19 15:08:31 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via a8b971c710233bf59f0b68732a83bb7a5db0054e (commit)
from de6cbb01c85e7b3837f38f78367cfddc17cf8fd7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a8b971c710233bf59f0b68732a83bb7a5db0054e
Author: Victor Julien <victor at inliniac.net>
Date: Tue Nov 19 15:26:36 2013 +0100
http: strip 'proxy' part of http_uri
Strip the 'proxy' parts from the normalized uri as inspected by http_uri,
urilen, pcre /U and others.
In a request line like:
GET http://suricata-ids.org/blah/ HTTP/1.1
the normalized URI will now be:
/blah/
This doesn't affect http_raw_uri. So matching the hostname, etc is still
possible through this keyword.
Additionally, a new per HTTP 'personality' option was added to change
this behavior: "uri-include-all":
uri-include-all: <true|false>
Include all parts of the URI. By default the
'scheme', username/password, hostname and port
are excluded. Setting this option to true adds
all of them to the normalized uri as inspected
by http_uri, urilen, pcre with /U and the other
keywords that inspect the normalized uri.
Note that this does not affect http_raw_uri.
So adding uri-include-all:true to all personalities in the yaml will
restore the old default behavior.
Ticket 1008.
-----------------------------------------------------------------------
Summary of changes:
src/app-layer-htp-libhtp.c | 89 +++++++++--------
src/app-layer-htp-libhtp.h | 2 +-
src/app-layer-htp.c | 227 +++++++++++++++++++++++++++++++++++++++++++-
src/app-layer-htp.h | 2 +
suricata.yaml.in | 10 ++
5 files changed, 286 insertions(+), 44 deletions(-)
hooks/post-receive
--
OISF
More information about the Oisf-devel
mailing list