aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: http.uri.raw has no spaces

Browse Source 
as they are in the protocol

cf bug #2881
pull/5624/head
Philippe Antoine 4 years ago committed by Victor Julien
parent f3c59ef8a6
commit 6b30890de9
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
doc/userguide/rules/http-keywords.rst
Unescape Escape View File

@ -190,6 +190,12 @@ characters %20 in a uri. This means matching on the uri.raw. The
uri.raw and the normalized uri are separate buffers. So, the uri.raw
inspects the uri.raw buffer and can not inspect the normalized buffer.
.. note:: uri.raw never has any spaces in it.
With this request line ``GET /uid=0(root) gid=0(root) HTTP/1.1``,
the ``http.uri.raw`` will match ``/uid=0(root)``
and ``http.protocol`` will match ``gid=0(root) HTTP/1.1``
Reference: `https://redmine.openinfosecfoundation.org/issues/2881 <https://redmine.openinfosecfoundation.org/issues/2881>`_
Example of the URI in a HTTP request:
.. image:: http-keywords/uri1.png

Write Preview
Loading…
Cancel
Save