65 static bool DetectHttpHostValidateCallback(
70 Flow *_f,
const uint8_t _flow_flags,
71 void *txv,
const int list_id);
76 static int g_http_raw_host_buffer_id = 0;
80 const uint8_t _flow_flags,
void *txv,
const int list_id);
84 static int g_http_host_buffer_id = 0;
95 "/rules/http-keywords.html#http-host-and-http-raw-host";
123 DetectHttpHostValidateCallback);
133 "or the raw hostname from the HTTP uri";
135 "/rules/http-keywords.html#http-host-and-http-raw-host";
160 "http raw host header");
184 static bool DetectHttpHostValidateCallback(
191 for (; sm != NULL; sm = sm->
next) {
195 *sigerror =
"http.host keyword "
196 "specified along with \"nocase\". "
197 "The hostname buffer is normalized "
198 "to lowercase, specifying "
199 "nocase is redundant.";
209 *sigerror =
"A pattern with "
210 "uppercase characters detected for http.host. "
211 "The hostname buffer is normalized to lowercase, "
212 "please specify a lowercase pattern.";
244 const uint8_t _flow_flags,
void *txv,
const int list_id)
248 htp_tx_t *tx = (htp_tx_t *)txv;
250 if (htp_tx_request_hostname(tx) == NULL)
253 const uint32_t data_len = bstr_len(htp_tx_request_hostname(tx));
254 const uint8_t *data = bstr_ptr(htp_tx_request_hostname(tx));
257 det_ctx, list_id, buffer, data, data_len, transforms);
270 const uint8_t *b = NULL;
272 if (rs_http2_tx_get_host_norm(txv, &b, &b_len) != 1)
274 if (b == NULL || b_len == 0)
290 const uint8_t *b = NULL;
292 if (rs_http2_tx_get_host(txv, &b, &b_len) != 1)
294 if (b == NULL || b_len == 0)
342 const uint8_t _flow_flags,
void *txv,
const int list_id)
346 htp_tx_t *tx = (htp_tx_t *)txv;
348 const uint8_t *data = NULL;
349 uint32_t data_len = 0;
351 if (htp_uri_hostname(htp_tx_parsed_uri(tx)) == NULL) {
352 if (htp_tx_request_headers(tx) == NULL)
355 const htp_header_t *h = htp_tx_request_header(tx,
"Host");
356 if (h == NULL || htp_header_value(h) == NULL)
359 data = htp_header_value_ptr(h);
360 data_len = htp_header_value_len(h);
362 data = (
const uint8_t *)bstr_ptr(htp_uri_hostname(htp_tx_parsed_uri(tx)));
363 data_len = bstr_len(htp_uri_hostname(htp_tx_parsed_uri(tx)));
367 det_ctx, list_id, buffer, data, data_len, transforms);