From: Philippe Antoine Date: Mon, 31 May 2021 08:50:19 +0000 (+0200) Subject: Adds http.header on HTTP2 traffic check X-Git-Tag: suricata-6.0.4~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cb4be8e8da701347334bc76be36e82cb9e7a220;p=thirdparty%2Fsuricata-verify.git Adds http.header on HTTP2 traffic check
---
diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules
index 34f5c14f3..518f85dc3 100644
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -10,3 +10,4 @@ alert http2 any any -> any any (http.method; content:"GET"; sid:31;)
 alert http2 any any -> any any (http.host.raw; content:"nghttp2.org"; sid:32;)
 alert http2 any any -> any any (http.header_names; content:"|0d 0a|user-agent|0d 0a|accept|0d 0a|"; sid:33;)
+alert http2 any any -> any any (http.header; content:"user-agent: curl/7.61.0|0d 0a|accept: */*|0d 0a|"; sid:34;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml
index 19c095f54..9fde64b80 100644
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -55,3 +55,8 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 33
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 34
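Review bot: The sid:34 rule added in tests/http2-keywords2/test.rules matches an unanchored substring, so it only shows that `user-agent` and `accept` appear back to back as `name: value` plus CRLF somewhere in the http.header buffer. It does not pin what else the buffer holds on HTTP/2, for example whether pseudo-headers are part of it. Detection rules written against this buffer depend on that serialization, so I would record the intent in a comment above the rule, e.g. `# http.header on HTTP/2: expects headers rendered as "name: value" + CRLF`. If the full buffer for this pcap is known, anchoring the match with `startswith` or `endswith` would let the test also catch a change in the buffer's contents.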
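Review bot: The new check for signature 34 in tests/http2-keywords2/test.yaml will fail on any Suricata build that does not yet expose http.header for HTTP/2 traffic. The file's `requires` block is outside this hunk, so I cannot tell whether the test is already gated. If the existing minimum version predates that support, the requirement should be raised or this check gated on a minimum version of its own. `count: 1` is consistent with the check for signature 33 just above it.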