mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
d6d26a3ea7
* topic/robin/http-connect: HTTP fix for output handlers. Expanding the HTTP methods used in the signature to detect HTTP traffic. Updating submodule(s). Fixing removal of support analyzers, plus some tweaking and cleanup of CONNECT code. HTTP CONNECT proxy support. BIT-1132 #merged
15 lines
700 B
Standard ML
15 lines
700 B
Standard ML
# List of HTTP headers pulled from:
|
|
# http://annevankesteren.nl/2007/10/http-methods
|
|
signature dpd_http_client {
|
|
ip-proto == tcp
|
|
payload /^[[:space:]]*(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH|BCOPY|BDELETE|BMOVE|BPROPFIND|BPROPPATCH|NOTIFY|POLL|SUBSCRIBE|UNSUBSCRIBE|X-MS-ENUMATTS|RPC_OUT_DATA|RPC_IN_DATA)[[:space:]]*/
|
|
tcp-state originator
|
|
}
|
|
|
|
signature dpd_http_server {
|
|
ip-proto == tcp
|
|
payload /^HTTP\/[0-9]/
|
|
tcp-state responder
|
|
requires-reverse-signature dpd_http_client
|
|
enable "http"
|
|
}
|