From: Ralph Broenink Date: Sat, 14 Oct 2017 10:09:31 +0000 (+0200) Subject: doc: Minor changes in structuring of HTTP Keywords / Snort differences X-Git-Tag: suricata-4.1.0-beta1~503 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6c766112c9be5191c4872dea54cbcebaeb6a56e;p=thirdparty%2Fsuricata.git doc: Minor changes in structuring of HTTP Keywords / Snort differences --- diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst index 5c26a0815e..d684c3117f 100644 --- a/doc/userguide/rules/differences-from-snort.rst +++ b/doc/userguide/rules/differences-from-snort.rst @@ -2,19 +2,12 @@ Differences From Snort ====================== -Overview --------- This document is intended to highlight the major differences between Suricata and Snort that apply to rules and rule writing. Where not specified, the statements below apply to Suricata. In general, references to Snort refer to the version 2.9 branch. -Contents --------- - -.. contents:: - Automatic Protocol Detection ---------------------------- diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index af6a38ec4f..f8c80f65a7 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -1,5 +1,3 @@ -:tocdepth: 2 - HTTP Keywords ============= .. role:: example-rule-emphasis @@ -22,7 +20,7 @@ refresher: alert http any any -> any any (http_response_line; content:"403 Forbidden"; sid:1;) -The following request keywords are available: +The following **request** keywords are available: ============================== ======================== ================== Keyword Sticky or Modifier Direction 
@@ -50,7 +48,7 @@ http_protocol Sticky Buffer Both http_header_names Sticky Buffer Both ============================== ======================== ================== -The following response keywords are available: +The following **response** keywords are available: ============================== ======================== ================== Keyword Sticky or Modifier Direction @@ -70,11 +68,12 @@ http_protocol Sticky Buffer Both http_header_names Sticky Buffer Both ============================== ======================== ================== +HTTP Primer +----------- It is important to understand the structure of HTTP requests and responses. A simple example of a HTTP request and response follows: -HTTP request ------------- +**HTTP request** :: @@ -86,8 +85,7 @@ HEAD, etc. The URI path is ``/index.html`` and the HTTP version is the versions 0.9, 1.0 and 1.1, 1.0 and 1.1 are the most commonly used today. -HTTP response -------------- +**HTTP response** :: @@ -178,10 +176,6 @@ Example of the purpose of ``http_uri``: .. image:: http-keywords/uri.png -Example of the purpose of ``http_raw_uri``: - -#.. image:: http-keywords/raw_uri.png - uricontent ----------
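Review bot: in doc/userguide/rules/differences-from-snort.rst (hunk @@ -2,19 +2,12) the removal of `.. contents::` takes away the in-page table of contents along with the two headings, and the commit message ("Minor changes in structuring") does not say what replaces it. If the theme's sidebar is meant to take over navigation for this page, say so in the commit message; if not, drop only the "Overview" and "Contents" headings and keep the directive.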
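Review bot: in doc/userguide/rules/http-keywords.rst (hunk @@ -1,5 +1,3) the `:tocdepth: 2` field is dropped without explanation, while a later hunk of the same patch adds a new "HTTP Primer" section to this page. Removing the field changes how deep this page's sections are listed in generated tables of contents, so please confirm the rendered sidebar is what you intend and mention the reason in the commit message.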
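Review bot: in doc/userguide/rules/http-keywords.rst (hunks @@ -70,11 +68,12 and @@ -86,8 +85,7) the "HTTP request" and "HTTP response" section titles become bold paragraphs (`**HTTP request**`, `**HTTP response**`), so they no longer produce section anchors or table-of-contents entries. Any cross-reference or external deep link to those two sections will stop resolving; if the goal is only to nest them under the new "HTTP Primer" heading, keep them as sections one level below it rather than as bold text.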
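Review bot: in doc/userguide/rules/http-keywords.rst (hunk @@ -178,10 +176,6) the lines "Example of the purpose of ``http_raw_uri``:" and `#.. image:: http-keywords/raw_uri.png` are deleted, which is a content change rather than the restructuring the subject line describes, and it leaves `http_raw_uri` with no illustration next to the `http_uri` one. The patch touches only the two .rst files, so if http-keywords/raw_uri.png exists in the tree it is now unreferenced: either restore the example with a working `.. image::` directive or remove the image file in the same commit.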