Snort parses the HTTP version from request and response start/status lines and makes it accessible to rule-writers via the
http_version sticky buffer. This is usually
http_version also allows for an optional
request argument, which is useful if writing detection that looks at both an HTTP client request and the HTTP server response to that request. More specifically, this
request argument is used to signify that the
http_version match or matches should apply to the HTTP version from the request if other parts of the rule are examining the response. More information on this topic can be found on this page.