Snort mailing list archives

Question on VoIP rule unquoted To header


From: sandeep al via Snort-sigs <snort-sigs@lists.snort.org>
Date: Fri, 13 Dec 2019 10:23:49 +0530

Hi

I have a question on the Snort VoIP rule that blocks an unquoted To header:

alert tcp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS ( msg:"PROTOCOL-VOIP To header unquoted tokens in field attempt";
  flow:to_server,established; content:"To|3A|",fast_pattern,nocase; http_header;
  pcre:"/^To\x3A\s+[^\r\n\x22\x3C]*[\x3B\x27\x2C]/smi";
  metadata:policy max-detect-ips drop; service:sip;
  reference:url,www.ietf.org/rfc/rfc4475.txt; classtype:attempted-dos; sid:20341; rev:4; )

In SIP RFC 3261, section
https://tools.ietf.org/html/rfc3261#section-20.39
we have a To header with this format, which is valid:
  sip:+12125551212@server.phone2net.com <sip%3A%2B12125551212@server.phone2net.com>

But when we get the response, the tag is attached to the header (;tag=387447) and
it is blocked by the above Snort rule as an unquoted string:
  sip:+12125551212@server.phone2net.com <sip%3A%2B12125551212@server.phone2net.com>;tag=387447

It looks like a valid message, but it is blocked. Is there anything I am missing?
Or is it OK to disable/modify the rule to accept the message?

Thanks
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
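One way to check what the PCRE in sid 20341 actually fires on is to run it over a few constructed To headers. This is an added example, not part of the original post or of the Snort ruleset; it uses Python's re module, whose S, M and I flags correspond to the rule's smi modifiers, and the SIP response and header values are constructed sample data. Because the regex excludes `"` and `<` from the characters it may consume before the `;`, `'` or `,`, only a bare addr-spec with a trailing `;tag=` matches, which is exactly the ambiguous form RFC 3261 tells senders to put in angle brackets.

```python
import re

# The PCRE from sid 20341 as posted; Snort's s, m, i modifiers map to re.S, re.M, re.I.
TO_HEADER_UNQUOTED_TOKENS = re.compile(
    rb"^To\x3A\s+[^\r\n\x22\x3C]*[\x3B\x27\x2C]", re.S | re.M | re.I)


def rule_matches(sip_message: bytes) -> bool:
    """Return True when the To-header PCRE from sid 20341 would fire on the message."""
    return TO_HEADER_UNQUOTED_TOKENS.search(sip_message) is not None


def build_response(to_header: bytes) -> bytes:
    """Constructed minimal SIP 200 OK (sample data) carrying the given To header line."""
    return (b"SIP/2.0 200 OK\r\n"
            b"Via: SIP/2.0/TCP client.example.com;branch=z9hG4bK74bf9\r\n"
            b"From: <sip:alice@example.com>;tag=9fxced76sl\r\n"
            + to_header + b"\r\n"
            b"Call-ID: 3848276298220188511@client.example.com\r\n"
            b"CSeq: 1 INVITE\r\n"
            b"Content-Length: 0\r\n\r\n")


# Constructed To headers covering the forms discussed in the thread.
CASES = {
    # bare addr-spec followed by ;tag= : ';' is reached with nothing stopping the class
    "bare_uri_with_tag": b"To: sip:+12125551212@server.phone2net.com;tag=387447",
    # name-addr form: '<' stops the negated class before ';' can be reached
    "name_addr_with_tag": b"To: <sip:+12125551212@server.phone2net.com>;tag=387447",
    # display-name plus name-addr, the shape of the RFC 3261 section 20.39 example
    "display_name_with_tag": b"To: The Operator <sip:operator@cs.columbia.edu>;tag=287447",
    # quoted display name containing a comma: '"' stops the class first
    "quoted_display_name": b'To: "Smith, J" <sip:jsmith@example.com>;tag=1',
    # bare URI with no parameters: nothing in [;',] to match on the line
    "bare_uri_no_tag": b"To: sip:+12125551212@server.phone2net.com",
}


def evaluate_cases() -> dict:
    """Map each constructed case name to whether the rule's PCRE fires on it."""
    return {name: rule_matches(build_response(hdr)) for name, hdr in CASES.items()}


if __name__ == "__main__":
    for name, fired in evaluate_cases().items():
        print(f"{name:24s} -> {'ALERT' if fired else 'pass'}")
```

If the To header that was dropped really carried the URI in angle brackets, this PCRE is not what matched it, so the raw packet is worth comparing against these cases before the rule is disabled.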