[Oisf-users] http_cookie matches headers case-insensitive?
Victor Julien
lists at inliniac.net
Tue Aug 25 08:15:01 UTC 2015
On 08/24/2015 07:01 PM, Darren Spruell wrote:
> Hi,
>
> Hoping to verify that header matching on the http_cookie modifer and
> associated PCRE modifier (/C) can work regardless of the casing on the
> HTTP header; i.e. both of these examples are extracted for the target
> buffer correctly:
>
> set-cookie: bss=KTDhAUz38vWYQLy2SPcAAdm5c6AK; Version=1; Expires=Mon,
> 03-Nov-2014 05:45:33 GMT; Max-Age=600; Path=/
>
> Set-Cookie: bss=CMjA4YU38t73e2lVITBAAdnpRGcF; Version=1; Expires=Thu,
> 20-Aug-2015 10:18:56 GMT; Max-Age=600; Path=/
>
> I'm sure this must be the case but just want to validate.
Yep, it's case insensitive.
> When inspecting the buffer, is the header name present? Or does the
> buffer only include the header value? For example, would
> pcre:"/^bss=/C"; match the above samples correctly?
>
Value only. So your example should match.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list