suricata

Commit Graph

Author	SHA1	Message	Date
Philippe Antoine	bb714c9178	http: have a headers limit Ticket: 7191 So as to avoid quadratic complexity in libhtp. Make the limit configurable from suricata.yaml, and have an event when network traffic goes over the limit.	5 months ago
Philippe Antoine	45bb936187	http: event on request line missing protocol Ticket: 6856	12 months ago
Philippe Antoine	f31ea90836	http: event on chunk extension Chunks extension are defined in rfc2616 section-3.6.1 Ticket: #6159	2 years ago
Philippe Antoine	11f849c3ee	protocol-change: sets event in case of failure Protocol change can fail if one protocol change is already occuring. Ticket: #5509	3 years ago
Philippe Antoine	334b1382e0	http: : fix int warnings Explicitly truncate file names to UINT16_MAX Before, they got implicitly truncated, meaning a UINT16_MAX + 1 file name, went to 0 file name (because of modulo 65536)	3 years ago
Philippe Antoine	e82416a415	http/range: reassemble files from different flows with range adds a container, ie a thread safe hash table whose key is the filename keep a tree of unordered ranges, up to a memcap limit adds HTPFileOpenWithRange to handle like HTPFileOpen if there is a range : open 2 files, one for the whole reassembled, and one only for the current range	3 years ago
Philippe Antoine	053c728871	http: adds debug check against too many warnings	5 years ago
Philippe Antoine	af4f816204	http: sets compression bomb limit	6 years ago
Philippe Antoine	9cbf9ef7a4	HTTP new parser warning for Ambiguous C-L	6 years ago
Victor Julien	c9c23d5cda	htp: set lzma memlimit from config	6 years ago
Philippe Antoine	b5f3e03209	New app layer event for invalid http request line Handles logs from libhtp even if case of error	6 years ago
Philippe Antoine	8a339e73d3	http: adds an event for double encoded uri	6 years ago
Philippe Antoine	3e12066819	http: adds events for each libhtp log Fixes #997	6 years ago
Philippe Antoine	b6b7778e2d	http: adds event for header repetition	6 years ago
Philippe Antoine	a1c6e091ac	http: new event for auth unrecognized activates libhtp auth parsing Fixes #984	6 years ago
Victor Julien	d0cded2523	http: set events for too many layers of compression libhtp would already issue warnings, but these were not mapped to events yet.	7 years ago
Victor Julien	52195a4192	http: add event for leading spaces on request line Libhtp will issue a warning in this case, so we can match on this. This patch adds event, rule and unittest.	10 years ago
Victor Julien	e78e33a428	http: add event for suspicious method delimeter Add event and rule for suspicious delim(s) between method and uri. Add unittests as well.	10 years ago
Victor Julien	5ad7198dc0	http: add libhtp uri warning event Add event for libhtp warning added 0.5.17 for URI's with suspicious delimeters.	10 years ago
Victor Julien	cb15000387	http: add new events for invalid host header and host part of uri	12 years ago
Victor Julien	85f13c4e28	http: update http rules	12 years ago
Victor Julien	9f519e95a2	http: add event for libhtp detection of request port not matching tcp port.	12 years ago
Victor Julien	aded3c5578	http: 'HTTP Host header ambiguous' after libhtp update. It now fires if hostname is present both in URL and Host header and the 2 are not equal.	13 years ago
Victor Julien	e21d8cdf01	file extract: improve multipart parsing and set events on some error conditions.	13 years ago
Victor Julien	93d121bf21	Update app layer events for HTTP now that libhtp has fixes for some response errors.	13 years ago
Victor Julien	132d9d1789	Add http-events.rules with an example rule for each HTTP event.	13 years ago

26 Commits (36111450ac1274bb15055347f97e20099f62d892)