AnsweredAssumed Answered

HTTP parser and

Question asked by RSA Admin Employee on Dec 10, 2014
Latest reply on Dec 11, 2014 by RSA Admin

Recently we noticed that some sessions (not all) that contain HTTP requests with an IP address in the "Host" header are not getting populated with the meta.  My question is: how does the HTTP parser decide what value to assign to that meta?  Also, is this common or expected behavior?


If it helps, many of the sessions with this issue are very simple.  A completely fabricated, but syntactically accurate example:



Accept: */*

Content-Type: application/octet-stream

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Win32)


Content-length: 90

Connection: Keep-Alive




All of this is happening on the latest 9.8 stack.  Not all sessions on each decoder are affected.  Thanks in advance for your help.