[Oisf-devel] Support for HTTP range requests
christian at lastline.com
Thu Oct 8 19:02:17 UTC 2015
On 10/08/2015 11:32 AM, Victor Julien wrote:
> Currently libhtp doesn't support this at all. Originally the plan was to
> have libhtp handle most of it, but since Ivan moved on things have been
> in limbo.
Got it. That was my sense, thanks Victor.
> We'll need to update libhtp a bit to start supporting this. I do think
> the 'reassembly' would better be done inside Suricata.
Mhmm yeah, this seems a bit tricky. There could be various policies you
want to use to drive the reassembly. My intuition would be to have most
of it happen in libhtp since the content-ranges are an HTTP-internal
aspect that the library user may not care about at all.
> We do need to think on how to do the data storage. For simple cases we
> may look at the IPPair data structure, but for sites with multiple hosts
> serving a domain we'd need something else. Perhaps a new data store
> searchable by hostname + url.
In case it helps, RFC 7233 has this to say:
When a 206 response is generated, the server MUST generate the
following header fields, in addition to those required above, if the
field would have been sent in a 200 (OK) response to the same
request: Date, Cache-Control, ETag, Expires, Content-Location, and
So there are several ways to track the entity overall.
More information about the Oisf-devel