[Oisf-devel] Support for HTTP range requests

Victor Julien victor at inliniac.net
Thu Oct 8 18:32:28 UTC 2015

On 07-10-15 21:14, Christian Kreibich wrote:
> Is support for HTTP range requests on your roadmap? We're noticing
> increased usage of the feature e.g. by Chrome, and it seems that
> Suricata still needs a bit of smarts for stitching together an entity
> from multiple content-ranges. Do I have that right?

Currently libhtp doesn't support this at all. Originally the plan was to
have libhtp handle most of it, but since Ivan moved on things have been
in limbo.

We'll need to update libhtp a bit to start supporting this. I do think
the 'reassembly' would better be done inside Suricata.

We do need to think on how to do the data storage. For simple cases we
may look at the IPPair data structure, but for sites with multiple hosts
serving a domain we'd need something else. Perhaps a new data store
searchable by hostname + url.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
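
As an added illustration of the storage idea discussed in this message (not code from Suricata, libhtp or the author): a minimal sketch of a store searchable by hostname + URL that stitches 206 response bodies together by their Content-Range header. The `RangeStore` class, its method names, the size cap and the sample host are assumptions made for the example.

```python
import re

# Content-Range: bytes first-last/total. Unknown totals ("*") are not handled in this sketch.
_CR = re.compile(r"^bytes (\d+)-(\d+)/(\d+)$")

class RangeStore:
    """Hypothetical store of partial HTTP entities keyed by (hostname, url), not by IP pair."""
    def __init__(self, max_entity=1 << 20):
        self.max_entity = max_entity  # assumed per-entity memory cap
        self.entries = {}             # (host, url) -> [total, buffer, covered intervals]

    def add(self, host, url, content_range, body):
        """Store one 206 body; return the whole entity once every byte is covered, else None."""
        m = _CR.match(content_range.strip())
        if not m:
            return None
        first, last, total = map(int, m.groups())
        # Drop ranges that disagree with the body length or exceed the cap.
        if last < first or last >= total or total > self.max_entity or len(body) != last - first + 1:
            return None
        key = (host.lower(), url)
        entry = self.entries.get(key)
        if entry is None or entry[0] != total:  # new entity, or the total changed: start over
            entry = self.entries[key] = [total, bytearray(total), []]
        entry[1][first:last + 1] = body         # on overlap the last write wins in this sketch
        entry[2] = _merge(entry[2] + [(first, last + 1)])
        if entry[2] == [(0, total)]:
            del self.entries[key]
            return bytes(entry[1])
        return None

def _merge(intervals):
    """Merge overlapping or adjacent half-open intervals."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

# Constructed sample entity, fetched as three out-of-order, overlapping ranges.
ENTITY = b"MZ" + b"A" * 10 + b"payload-marker" + b"B" * 6
def demo():
    store, result = RangeStore(), None
    for first, last in [(16, 31), (0, 9), (8, 17)]:
        header = f"bytes {first}-{last}/{len(ENTITY)}"
        result = store.add("files.example.test", "/a.bin", header, ENTITY[first:last + 1])
    return result
```

Because the key carries no IP address, ranges served by different hosts behind the same domain land in the same entry, which is the case the IPPair structure would miss.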
