[prev in list] [next in list] [prev in thread] [next in thread]
List: oisf-users
Subject: Re: [Oisf-users] Suricata support for size of HTTP bodies
From: Andreas Herz <andi () geekosphere ! org>
Date: 2016-05-02 22:03:27
Message-ID: 20160502220327.GY32051 () ks3360651 ! kimsufi ! com
[Download RAW message or body]
On 22/04/16 at 16:08, Darren S. wrote:
> Is it possible to introduce keywords that can function similar to
> 'dsize', but provides the size of the HTTP request body and the HTTP
> response body?
>
> If I'm not mistaken dsize cannot be used alongside "app layer"
> keywords and it would be great to have keywords providing size of
> buffers not including headers, etc.
>
> I think this may be same/similar to this issue:
>
> # Feature #735: "Introduce content_len keyword"
> https://redmine.openinfosecfoundation.org/issues/735
>
>
> To take this a step further, does it make sense to introduce keywords
> for the size of each buffer provided at the HTTP layer, period?
I would suggest that you open a new issue for that (Feature Request) so
we can discuss that :)
--
Andreas Herz
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic