From: jason taylor Date: Wed, 20 Sep 2023 20:26:29 +0000 (+0000) Subject: doc: add file.name information to http keyword doc X-Git-Tag: suricata-8.0.0-beta1~1973 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbc17b1c7dbb0cb56fb3c03411ed9c61bb2d86a0;p=thirdparty%2Fsuricata.git doc: add file.name information to http keyword doc Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index 0c0f652ad3..ba0d7621f3 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -44,6 +44,7 @@ http.accept_enc http_accept_enc (*) Request http.referer http_referer (*) Request http.connection http_connection (*) Both file.data file_data (*) Both +file.name filename (*) Request http.content_type http_content_type (*) Both http.content_len http_content_len (*) Both http.start http_start (*) Both @@ -670,7 +671,6 @@ Example:: alert http any any -> any any (flow:to_client; \ http.location; content:"http://www.google.com"; sid:1;) - http.host and http.host.raw --------------------------- @@ -843,4 +843,16 @@ Notes Multiple Buffer Matching ~~~~~~~~~~~~~~~~~~~~~~~~ -``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`. \ No newline at end of file +``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`. + +file.name +--------- + +The ``file.name`` keyword can be used at the HTTP application level. + +Example:: + + alert http any any -> any any (msg:"http layer file.name keyword usage"; \ + file.name; content:"picture.jpg"; classtype:bad-unknown; sid:1; rev:1;) + +For additional information on the ``file.name`` keyword, see :doc:`file-keywords`. \ No newline at end of file
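Review bot: In the first hunk (@@ -44,6 +44,7 @@), the new table row gives the direction of file.name as "Request", but the file.name section added at the end of the file says only that the keyword "can be used at the HTTP application level", and its example rule has no flow keyword. Please confirm the direction and state it in the new section as well, so that the table and the section agree.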
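Review bot: The second hunk (@@ -670,7 +671,6 @@) only removes a blank line ahead of the "http.host and http.host.raw" heading, which is unrelated to the file.name documentation named in the subject. Suggest dropping it from this commit, or mentioning the whitespace cleanup in the commit message.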
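Review bot: In the last hunk (@@ -843,4 +843,16 @@), the final added line "For additional information on the ``file.name`` keyword, see :doc:`file-keywords`." is still followed by "\ No newline at end of file". The patch fixes the missing newline after the file.data sentence and then reintroduces the same problem at the new end of the file, so please end the file with a newline. The new section also does not say what the buffer contains at the HTTP layer; one sentence on what name is matched would help readers who do not follow the link to file-keywords.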