From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 26 Apr 2021 13:00:39 +0000 (+0200)
Subject: Adds check for http.server keyword on http2 traffic
X-Git-Tag: suricata-6.0.4~90
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dd873a1f2f5ae4eeb4a57e13919b6f5594ec57b;p=thirdparty%2Fsuricata-verify.git

Adds check for http.server keyword on http2 traffic
---

diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules
index c0619081f..50faf3ffb 100644
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -4,3 +4,5 @@ alert http any any -> any any (http.uri; content:"/robots.txt"; sid:12;)
 
 alert http2 any any -> any any (http.user_agent; content:"curl"; sid:20;)
 alert http2 any any -> any any (http.stat_code; content:"404"; sid:21;)
+
+alert http2 any any -> any any (http.server; content:"nghttpx"; sid:30;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml
index bed395a24..65d5a47a5 100644
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -35,3 +35,8 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 21
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 30