
Summary
This detection rule identifies potential HTTP request smuggling attempts, a technique in which an attacker crafts HTTP requests so that a web server interprets them differently from what was intended. Specifically, it targets requests in which both `Content-Length` and `Transfer-Encoding` headers are present, a combination that can cause different components of a web application to disagree on where one request ends and the next begins. The rule uses the Suricata data source to inspect incoming HTTP request headers and flags requests that suggest such an attack is under way. It combines several checks on these headers with statistical aggregation of the matching events to characterize the request's behavior, alerting security teams to potentially malicious activity.
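As an added illustration (not part of this rule or of the Suricata source it uses), the following Python sketch applies the rule's core check to raw request header blocks: it flags a request that carries both `Content-Length` and `Transfer-Encoding`, and also reports two related framing ambiguities a detector would watch for. The sample requests and the `example.test` host are constructed for the example.

```python
"""Flag HTTP request header blocks with both Content-Length and
Transfer-Encoding, the framing ambiguity request smuggling depends on."""
import re
from typing import List, Tuple

# Permissive header pattern: tolerates whitespace before the colon so that
# oddly formatted headers are still seen rather than silently ignored.
HEADER_RE = re.compile(r"^([^:\s]+)\s*:\s*(.*?)\s*$")


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw request, keeping duplicates."""
    lines = raw.replace("\r\n", "\n").split("\n")
    pairs = []
    for line in lines[1:]:  # skip the request line
        if line == "":
            break  # blank line ends the header block
        m = HEADER_RE.match(line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
    return pairs


def smuggling_indicators(raw: str) -> List[str]:
    """Return a list of findings; an empty list means no indicator was seen."""
    headers = parse_headers(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    findings = []
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(cl) > 1:
        findings.append("duplicate Content-Length headers")
    for v in te:
        if v.lower() != "chunked":
            findings.append(f"non-standard Transfer-Encoding value: {v!r}")
    return findings


# Constructed samples (not captured traffic); example.test is a placeholder host.
SAMPLE_AMBIGUOUS = (
    "POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
)
SAMPLE_CLEAN = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    for name, req in (("ambiguous", SAMPLE_AMBIGUOUS), ("clean", SAMPLE_CLEAN)):
        print(name, smuggling_indicators(req) or "no indicators")
```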
Categories
- Network
- Web
Data Sources
- Pod
- Container
- Network Traffic
- Process
ATT&CK Techniques
- T1071.001
- T1190
Created: 2025-10-06