git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 19 Nov 2013 14:26:36 +0000 (15:26 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 19 Nov 2013 14:26:36 +0000 (15:26 +0100)
commit	a8b971c710233bf59f0b68732a83bb7a5db0054e
tree	d934ebe418c4b92318659762261b159a8e5e06f4	tree
parent	de6cbb01c85e7b3837f38f78367cfddc17cf8fd7	commit \| diff

http: strip 'proxy' part of http_uri

Strip the 'proxy' parts from the normalized uri as inspected by http_uri,
urilen, pcre /U and others.

  In a request line like:
    GET http://suricata-ids.org/blah/ HTTP/1.1
  the normalized URI will now be:
    /blah/

This doesn't affect http_raw_uri. So matching the hostname, etc is still
possible through this keyword.

Additionally, a new per HTTP 'personality' option was added to change
this behavior: "uri-include-all":

  uri-include-all: <true|false>
    Include all parts of the URI. By default the
    'scheme', username/password, hostname and port
    are excluded. Setting this option to true adds
    all of them to the normalized uri as inspected
    by http_uri, urilen, pcre with /U and the other
    keywords that inspect the normalized uri.
    Note that this does not affect http_raw_uri.

So adding uri-include-all:true to all personalities in the yaml will
restore the old default behavior.

Ticket 1008.

src/app-layer-htp-libhtp.c		diff \| blob \| blame \| history
src/app-layer-htp-libhtp.h		diff \| blob \| blame \| history
src/app-layer-htp.c		diff \| blob \| blame \| history
src/app-layer-htp.h		diff \| blob \| blame \| history
suricata.yaml.in		diff \| blob \| blame \| history