From 617edf469c9961f026bc2804230c3124c1c35d7d Mon Sep 17 00:00:00 2001
From: Eileen Donlon <emdonlo@gmail.com>
Date: Mon, 12 Mar 2012 20:31:58 -0400
Subject: [PATCH] reject http_client_body with inconsistent flow dir

reject http_client_body with flow: to_client or from_server
---
 src/detect-http-client-body.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index 5ce8a12959..90546a5619 100644
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -128,6 +128,11 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
         goto error;
     }
 
+    if (s->flags & SIG_FLAG_TOCLIENT) {
+        SCLogError(SC_ERR_INVALID_SIGNATURE, "http_client_body can not be used with flow:to_client or flow:from_server. ");
+        goto error;
+    }
+
     if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) {
         SigMatch *pm =  SigMatchGetLastSMFromLists(s, 4,
                                                    DETECT_CONTENT, sm->prev,
-- 
2.47.2