From: jason taylor Date: Wed, 26 Aug 2020 17:25:23 +0000 (-0400) Subject: doc: http.host keyword note for matching on port X-Git-Tag: suricata-6.0.0-rc1~89 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b21160a6e3bd9cb8f6ecad5082dd6cd85928dcee;p=thirdparty%2Fsuricata.git doc: http.host keyword note for matching on port Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index da5529c796..7327e12cc2 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -648,6 +648,10 @@ to specify a lowercase pattern. Notes ~~~~~ +- ``http.host`` does not contain the port associated with + the host (i.e. abc.com:1234). To match on the host and port + or negate a host and port use ``http.host.raw``. + - The ``http.host`` and ``http.host.raw`` buffers are populated from either the URI (if the full URI is present in the request like in a proxy request) or the HTTP Host header. If both are present, the
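Review bot: In the added first bullet under Notes, the parenthetical "(i.e. abc.com:1234)" sits directly after "the host" and reads as a restatement of what ``http.host`` holds, when it is meant as an example of a host-with-port value the buffer does not carry. Suggest "e.g." and a wording that shows both sides, such as: for a request to abc.com:1234, ``http.host`` contains abc.com without the port. A comma after "negate a host and port" would also help the second sentence. The hunk header context ends with "to specify a lowercase pattern"; since this note sends rule writers to ``http.host.raw`` for host and port matching, it should state whether that lowercase expectation also applies to the raw buffer, so a pattern moved from one keyword to the other does not quietly stop matching.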