Bug #2810

closed

enabling add request/response http headers in master

Added by Peter Manev over 5 years ago. Updated almost 5 years ago.

Status: Closed
Priority: Normal

Description

I was trying out the new response/request header feature (https://github.com/OISF/suricata/pull/3639 - many thanks for the contribution!) for login and noticed the following:

Using latest master as of the time of posting this issue:

suricata -V
This is Suricata version 5.0.0-dev (rev 6c0ec0b2)

Default in yaml

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            # dump-all-headers: [both, request, response]

Given the default setting above in yaml, a user may just try to adjust the dump-all-headers and use only "both" or "request, response" inside the []. In those cases the logging of the response/request headers will not work as intended (at least in my tests). See below:

Does not work

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: [request, response]

Does not work

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: [both]

Does not work

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: "response, request"

Works

            # set this value to one among {both, request, response} to dump all
            # http headers for every http request and/or response
            dump-all-headers: "both"

Thanks Andreas for the pointer.
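
An added example, not part of the original report and not Suricata's own code: a line-based lint for a suricata.yaml that flags the dump-all-headers forms the report found not to work, so a silent loss of header logging is caught before deployment. It assumes the accepted values are exactly the single scalars both, request and response named in the yaml comment; the function names and the sample text are constructed for illustration.

```python
import re

# Assumption: the accepted values are the three named in the yaml comment.
ALLOWED = {"both", "request", "response"}

# Matches a dump-all-headers line and captures the raw text after the colon.
_KEY = re.compile(r"^\s*dump-all-headers\s*:\s*(?P<value>.*?)\s*$")


def classify(raw):
    """Return (ok, reason) for the raw text after 'dump-all-headers:'."""
    value = raw.split(" #", 1)[0].strip()  # drop a trailing YAML comment
    if value.startswith("["):
        return False, "flow sequence; a single scalar is expected"
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1].strip()  # unwrap a quoted scalar
    if "," in value:
        return False, "several values in one string; use 'both'"
    if value not in ALLOWED:
        return False, "unknown value %r" % value
    return True, "ok"


def lint(yaml_text):
    """Return [(line_number, raw_value, ok, reason)] for each active setting."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # the shipped default is commented out
        match = _KEY.match(line)
        if match:
            ok, reason = classify(match.group("value"))
            findings.append((number, match.group("value"), ok, reason))
    return findings


# Constructed sample: the five forms from the report, one per line.
SAMPLE = """\
# dump-all-headers: [both, request, response]
dump-all-headers: [request, response]
dump-all-headers: [both]
dump-all-headers: "response, request"
dump-all-headers: "both"
"""

if __name__ == "__main__":
    for number, raw, ok, reason in lint(SAMPLE):
        print("line %d: %-24s %s" % (number, raw, "OK" if ok else "FAIL: " + reason))
```

This is a text check rather than a YAML parse, so it only sees settings written on a single line, as in the snippets above.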
