detect/http-server-body: avoid FP on toserver direction

author Philippe Antoine <pantoine@oisf.net>

Wed, 17 Apr 2024 11:39:39 +0000 (13:39 +0200)

committer Victor Julien <vjulien@oisf.net>

Sat, 20 Apr 2024 06:50:00 +0000 (08:50 +0200)
author Philippe Antoine <pantoine@oisf.net>
Wed, 17 Apr 2024 11:39:39 +0000 (13:39 +0200)
committer Victor Julien <vjulien@oisf.net>
Sat, 20 Apr 2024 06:50:00 +0000 (08:50 +0200)
diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c

index 98f0ec581e9488c3f02b0cdb343938af8f389488..28833a8a75bf1dd04ff560bc9253214faddf1aef 100644 (file)
--- a/src/detect-http-server-body.c
+++ b/src/detect-http-server-body.c
@@ -124,6 +124,9 @@ static int DetectHttpServerBodySetupSticky(DetectEngineCtx *de_ctx, Signature *s
          return -1;
      if (DetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
          return -1;
+    // file data is on both directions, but we only take the one to client here
+    s->flags |= SIG_FLAG_TOCLIENT;
+    s->flags &= ~SIG_FLAG_TOSERVER;
      return 0;
  }
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 17 Apr 2024 11:39:39 +0000 (13:39 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Sat, 20 Apr 2024 06:50:00 +0000 (08:50 +0200)