detect: implement http referer sticky buffer
authorVictor Julien <victor@inliniac.net>
Sat, 1 Apr 2017 10:13:17 +0000 (12:13 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 20 Apr 2017 15:41:11 +0000 (17:41 +0200)
src/Makefile.am
src/detect-http-headers.c
src/detect-http-referer.c [new file with mode: 0644]
src/detect-http-referer.h [new file with mode: 0644]
src/detect.h

index 01b1114a171e811c207d5783db7613d4133d3d65..e4af8bcd07be88ffba08cb52faed0d9ad511e544 100644 (file)
@@ -176,6 +176,7 @@ detect-http-method.c detect-http-method.h \
 detect-http-protocol.c detect-http-protocol.h \
 detect-http-raw-header.c detect-http-raw-header.h \
 detect-http-raw-uri.c detect-http-raw-uri.h \
+detect-http-referer.c detect-http-referer.h \
 detect-http-request-line.c detect-http-request-line.h \
 detect-http-response-line.c detect-http-response-line.h \
 detect-http-server-body.c detect-http-server-body.h \
index fda7f53dcf952bf225ad59eb18a8a2a5b8b991f4..f22cdf108cc9700253ad35b395d95139b23a7eb4 100644 (file)
  */
 
 #include "detect-http-accept.h"
+#include "detect-http-referer.h"
 
 void DetectHttpHeadersRegister(void)
 {
     RegisterHttpHeadersAccept();
+    RegisterHttpHeadersReferer();
 }
diff --git a/src/detect-http-referer.c b/src/detect-http-referer.c
new file mode 100644 (file)
index 0000000..edb48c1
--- /dev/null
@@ -0,0 +1,46 @@
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \ingroup httplayer
+ *
+ * @{
+ */
+
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ *
+ * Implements support http_referer sticky buffer
+ */
+
+#define KEYWORD_NAME "http_referer"
+#define KEYWORD_DOC "http-keywords#http-referer"
+#define BUFFER_NAME "http_referer"
+#define BUFFER_DESC "http referer header"
+#define HEADER_NAME "Referer"
+#define KEYWORD_ID DETECT_AL_HTTP_HEADER_REFERER
+#define KEYWORD_TOSERVER 1
+
+#include "detect-http-headers-stub.h"
+
+void RegisterHttpHeadersReferer(void)
+{
+    DetectHttpHeadersRegisterStub();
+}
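Review bot: The seven `#define`s placed ahead of `#include "detect-http-headers-stub.h"` are the entire configuration of this keyword, yet nothing in the new file says that the stub header consumes them. The stub is not part of this diff, so presumably it defines `DetectHttpHeadersRegisterStub()` from them. A short comment above the block would make that explicit, e.g. `/* template parameters for detect-http-headers-stub.h; must be defined before the include */`. `KEYWORD_TOSERVER 1` deserves its own why-comment, such as `/* Referer is a request header: register for the to-server direction only */`, and the file comment should tell rule writers that the buffer holds a client-supplied value. The Doxygen group opened with `@{` under `\ingroup httplayer` is never closed in this 46-line file, so add `/** @} */` at the end. The `\file` description would read better as `Implements support for the http_referer sticky buffer`.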
diff --git a/src/detect-http-referer.h b/src/detect-http-referer.h
new file mode 100644 (file)
index 0000000..ae26589
--- /dev/null
@@ -0,0 +1,23 @@
+/* Copyright (C) 2007-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#ifndef __DETECT_HTTP_REFERER_H__
+#define __DETECT_HTTP_REFERER_H__
+
+void RegisterHttpHeadersReferer(void);
+
+#endif /* __DETECT_HTTP_REFERER_H__ */
index 672fc1f0236214b863f72411c5984ec2666a2851..d46dbcd9b4f39a724f8f1e174c218744f9d8ecac 100644 (file)
@@ -1242,6 +1242,7 @@ enum {
     DETECT_AL_HTTP_HEADER,
     DETECT_AL_HTTP_HEADER_NAMES,
     DETECT_AL_HTTP_HEADER_ACCEPT,
+    DETECT_AL_HTTP_HEADER_REFERER,
     DETECT_AL_HTTP_RAW_HEADER,
     DETECT_AL_HTTP_URI,
     DETECT_AL_HTTP_RAW_URI,
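Review bot: Inserting `DETECT_AL_HTTP_HEADER_REFERER` between `DETECT_AL_HTTP_HEADER_ACCEPT` and `DETECT_AL_HTTP_RAW_HEADER` shifts the numeric value of every enumerator after it, since none of the visible ones carries an explicit initializer. That is harmless as long as keyword IDs are only ever used symbolically within a single build. It is worth confirming that no numeric ID is written to disk, logged for later correlation, or compared across binaries built from different revisions. The enum begins and ends outside this hunk, so any such dependency cannot be checked from here.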