Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Service Contexts: HTTP

 

The table displays the security context details for HTTP:

Table 1: Service Contexts: HTTP

Context and Direction

Description

Example of Contexts

http-authorization (CTS)

Matches the username and password decoded from the Authorization: Basic header in an HTTP request.

http-data (ANY)

Matches any HTTP data in an HTTP transaction that is not text/html, text/plain, or FORM values in a POST request.

http-first-data-chunk (ANY)

Matches the first data chunk in an HTTP transaction.

http-flash

Matches http payload when content type is flash video or application.

http-form-data (CTS)

Matches each of the form values in a POST request of an HTTP transaction.

http-get-url (CTS)

Matches the URL in an HTTP get request as it appears in the stream.

http-get-url-parsed (CTS)

Matches the decoded, normalized URL in an HTTP get request.

http-head-url (CTS)

Matches the URL in an HTTP head request as it appears in the stream.

http-head-url-parsed (CTS)

Matches the decoded, normalized URL in an HTTP head request.

http-header (ANY)

Matches any HTTP header.

http-header-accept (CTS)

Matches each Accept: header in an HTTP request.

http-header- accept-encoding (CTS)

Matches each Accept-Encoding: header in an HTTP request.

http-header- accept-language (CTS)

Matches each Accept-Language: header in an HTTP request.

http-header- content-encoding (ANY)

Matches each Content-Encoding: header in an HTTP transaction.

http-header- content-language (ANY)

Matches each Content-Language: header in an HTTP transaction.

http-header- content-location (ANY)

Matches each Content-Location: header in an HTTP transaction.

http-header- content-md5 (ANY)

Matches each Content-MD5: header in an HTTP transaction.

http-header- content-type (ANY)

Matches each Content-Type: header in an HTTP transaction.

http-header- cookie (ANY)

Matches each Cookie: header in an HTTP transaction.

http-header- host (CTS)

Matches each Host: header in an HTTP request.

http-header- referer (CTS)

Matches each Referrer: header in an HTTP request.

http-header- soapaction (ANY)

Matches each soapaction: header in an HTTP transaction.

http-header- user-agent (CTS)

Matches each User-Agent: header in an HTTP request.

http-header- x-forwarded-for

http-image (ANY)

Matches IMATE contents (BMP, PNG) in HTTP transaction.

http-jpeg-raw (ANY)

Matches JPEG content in HTTP transaction.

http-jpeg-tag (ANY)

Matches JPEG tag of JPEG content in HTTP transaction.

JPEG image files provide an area for applications to store metadata such as title, date taken, shutter speed, and so on. There are several slots available, each of which holds a group of metadata tags.

A JPEG file contains several segments; each segment contains different kinds of data, delimited by two-byte codes called markers. The markers are hexadecimal; they begin with 0xFF and end with a code (1 byte) indicating the kind of marker.

http-object-tag-clsid (STC)

Matches the CLSID of an object tag.

http-ole

Matches Microsofts OLE contents in HTTP transaction.

http-param-parsed (CTS)

Matches the decoded CGI parameters in an HTTP request.

http-pdf

Matches PDF contents in HTTP transaction.

http-png-chunk (ANY)

Matches contents of PNG chunk to HTTP transaction.

http-post-url (CTS)

Matches the URL in an HTTP post request as it appears in the stream.

HTTP POST URL

POST /index.html?crap=1085538798 HTTP/1.1

1.34. http-post-url pattern: ".*\?.*"

http-post-url-parsed (CTS)

Matches the decoded, normalized URL in an HTTP post request.

http-post-variable (CTS)

Matches each CGI variable in the form data of an HTTP POST request.

http-post- variable-parsed (CTS)

Matches each decoded CGI variable in the form data of an HTTP POST request.

http-request (CTS)

Matches each HTTP request line.

http-request-method (CTS)

Matches the method name in an HTTP request.

http-status (STC)

Matches the status line in an HTTP reply.

http-text-html (ANY)

Matches the text/html data in an HTTP transaction.

http-text-html-body (ANY)

Matches the body of text/html data in an HTTP tranaction

http-text-html-head (ANY)

Matches the header of text/html data in an HTTP transaction.

http-text-html-script (ANY)

Matches the script tag of text/html data in an HTTP transaction.

http-text-html-style (ANY)

Matches the style tag of text/html data in an HTTP transaction.

http-text-html-tag (ANY)

Matches any tag inside text/html data in an HTTP transaction.

http-text-plain (ANY)

Matches the text/plain data in an HTTP transaction.

http-text-soap (ANY)

Matches the text/soap data in and HTTP transaction.

http-text-xml (ANY)

Matches the tex/xml data in an HTTP transaction.

http-url (CTS)

Matches the URL in an HTTP request as it appears in the stream.

http-url-parsed (CTS)

Matches the decoded, normalized URL in an HTTP request.

http-url-parsed-param (CTS)

Matches the decoded, normalized URL in an HTTP request along with the CGI parameters, if any

http-url-parsed-param- parsed (CTS)

Matches the decoded, normalized URL in an HTTP request along with the decoded CGI parameters, if any

http-url-variable (CTS)

Matches each CGI variable in the URL of an HTTP GET request.

http-url- variable-parsed (CTS)

Matches each decoded CGI variable in the URL of an HTTP GET request.

http-variable (CTS)

Matches each CGI variable in an HTTP GET or POST request.

http-variable-parsed (CTS)

Matches each decoded CGI variable in an HTTP GET or POST request.