Additional HTTP Inspect Preprocessor Rules
You can enable the rules in the Preprocessor Rule GID:SID column of the following table to generate events for HTTP Inspect preprocessor rules that are not associated with specific configuration options.
|
Preprocessor Rule GID:SID |
Triggers when... |
|---|---|
|
119:21 |
an HTTP request header has more than one |
|
119:24 |
an HTTP request has more than one Host header. |
|
119:28 |
an HTTP POST method has neither a |
|
119:32 |
HTTP version 0.9 is encountered in traffic. Note that the TCP stream configuration must also be enabled. |
|
119:33 |
an HTTP URI includes an unescaped space. |
|
119:34 |
a TCP connection contains 24 or more pipelined HTTP requests. |
|
120:5 |
UTF-7 encoding is encountered in HTTP response traffic; UTF-7 should only appear where 7-bit parity is required, such as in SMTP traffic. |
|
120:8 |
the |
|
120:18 |
an HTTP server response occurs before the client request. |
|
120:19 |
an HTTP response includes multiple content lengths. |
|
120:20 |
an HTTP response includes multiple content encodings. |
|
120:25 |
an HTTP response includes invalid header folding. |
|
120:26 |
a junk line occurs before an HTTP response header. |
|
120:27 |
an HTTP response does not include an end of header. |
|
120:28 |
an invalid chunk size occurs, or chunk size is followed by junk characters. |