Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Update main.bro

Browse source 
The HTTP "Origin" header is a useful header for CSRF, Chrome plugins making requests, and other scenarios where referrer may not be present.
Reference:
https://tools.ietf.org/html/rfc6454#section-7  ---- "In some sense, the origin granularity is a historical artifact of how the security model evolved."
Especially useful if origin/referrer is a "file://" ---- https://tools.ietf.org/html/rfc6454#section-4
This commit is contained in:
Nate Guagenti 2017-09-05 19:33:20 -04:00 committed by GitHub
parent 5efaaf1368
commit 5a526a5f4f
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/protocols/http/main.bro
View file

@ -46,6 +46,8 @@ export {
version: string &log &optional;
## Value of the User-Agent header from the client.
user_agent: string &log &optional;
## Value of the Origin header from the client.
origin: string &log &optional;
## Actual uncompressed content size of the data transferred from
## the client.
request_body_len: count &log &default=0;
@ -258,8 +260,8 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
else if ( name == "RANGE" )
c$http$range_request = T;
else if ( name == "USER-AGENT" )
c$http$user_agent = value;
else if ( name == "ORIGIN" )
c$http$origin = value;
else if ( name in proxy_headers )
{