cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse Secure vADC

Sort by:
Following up on this earlier article try using the below TrafficScript code snippet to automatically insert the Google Analytics code on all your webpages.  To use it: Copy the rule onto your Stingray Traffic Manager  by first navigating Catalogs -> Rules Scroll down to Create new rule, give the rule a name, and select Use TrafficScript Language.  Click Create Rule to create the rule. Copy and paste the rule below. Change $account to your Google Analytics account number. If you are using multiple domains as described here set $multiple_domains to TRUE and set $tld to your Top Level Domain as specified in your Google Analytics account. Set the rule as a Response Rule in your Virtual Server by navigating to Services -> Virtual Servers -> <your virtual server> -> Rules -> Response Rules and Add rule. After that you should be good to go.  No need to individually modify your web pages, TrafficScript will take care of it all. # # Replace UA-XXXXXXXX-X with your Google Analytics Account Number # $account = 'UA-XXXXXXXX-X'; # # If you are tracking multiple domains, ie yourdomain.com, # yourdomain.net, etc. then set $mutliple_domains to TRUE and # replace yourdomain.com with your Top Level Domain as specified # in your Google Analytics account # $multiple_domains = FALSE; $tld = 'yourdomain.com'; # # Only modify text/html pages # if( !string.startsWith( http.getResponseHeader( "Content-Type" ), "text/html" )) break; # # This variable contains the code to be inserted in the web page. Do not modify. # $html = "\n<script type=\"text/javascript\"> \n \   var _gaq = _gaq || []; \n \   _gaq.push(['_setAccount', " . $account . "]); \n"; if( $multiple_domains == TRUE ) {   $html .= " _gaq.push(['_setDomainName', " . $tld . "]); \n \   _gaq.push(['_setAllowLinker', true]); \n"; } $html .= " _gaq.push(['_trackPageview']); \n \   (function() { \n \   var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; \n \   ga.src=('https:' == document.location.protocol ? ' https://ssl ' : ' http://www ') + '.google-analytics.com/ga.js'; \n \   var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); \n \   })(); \n \ </script>\n"; # # Insert the code right before the </head> tag in the page # $body = http.getResponseBody(); $body = string.replace( $body, "</head>", $html . "</head>"); http.setResponseBody( $body );
View full article
A great usage of TrafficScipt is for managing and inserting widgets on to your site.  The attached TrafficScript code snippet inserts a Twitter Profile Widget to your site, as described here (sign in required).   To use it.   In the Stingray web interface navigate to Catalogs -> Rules and s croll down to Create new rule .  Give it a name such as Twitter Feed and select Use TrafficScript Language.  Click Create Rule to create the rule. Copy and paste the code and save the rule. Modify the $user and $tag as described in the TrafficScript code snippet.  $user is your Twitter username and $tag specifies where in the web page the feed should go. Navigate to the Rules page of your Virtual Server ( Services -> Virtual Servers -> <your virtual server> -> Rules) and add Twitter Feed as a Response Rule   Reload your webpage and you should see the Twitter feed.   # # This TrafficScript code snippet will insert a Twitter Profile widget # for user $user as described here: # https://twitter.com/about/resources/widgets/widget_profile # The widget will be added directly after $tag. The resultant page will # look like: # ... # <tag> # <Twitter feed> # ... # # Replace 'riverbed' with your Twitter username $user = "riverbed"; # # You can keep the tag as <!--TWITTER FEED--> and insert that tag into # your web page or change $tag to some existing text in your web page, ie # $tag = "Our Twitter Feed:" $tag = "<!--TWITTER FEED-->"; # Only modify text/html pages if( !string.startsWith( http.getResponseHeader( "Content-Type" ), "text/html" )) break; # # The actual code that will be inserted. Various values such as color, # height, width, etc. can be changed here. # $html = "\n\ <script charset=\"utf-8\" src=\"http://widgets.twimg.com/j/2/widget.js\"></script> \n \ <script> \n \ new TWTR.Widget({ \n \ version: 2, \n \ type: 'profile', \n \ rpp: 4, \n \ interval: 30000, \n \ width: 250, \n \ height: 300, \n \ theme: { \n \ shell: { \n \ background: '#333333', \n \ color: '#ffffff' \n \ }, \n \ tweets: { \n \ background: '#000000', \n \ color: '#ffffff', \n \ links: '#eb8507' \n \ } \n \ }, \n \ features: { \n \ scrollbar: false, \n \ loop: false, \n \ live: false, \n \ behavior: 'all' \n \ } \n \ }).render().setUser('".$user."').start(); \n \ </script><br>\n"; # This section inserts $html into the HTTP response after $tag $body = http.getResponseBody(); $body = string.replace( $body, $tag, $tag. $html); http.setResponseBody( $body );   Give it a try and let us know how you get on!   More Twitter solutions:   Traffic Managers can Tweet Too TrafficScript can Tweet Too
View full article
A great feature of the Stingray Traffic Manager is the ability to upload External Program Monitors.  An External Program Monitor is a custom health monitor that can be written to monitor any service.  An External Program Monitor for LDAP is available here.   To use it first install ldapsearch onto the Stingray Traffic Manager: apt-get install ldap-utils (For Ubuntu based distros) The key is to install ldap-utils.  Once that is installed, upload and install the monitor: In the Stingray web interface navigate to Catalogs -> Extra Files -> Monitor Programs .  Upload ldap.pl (in the ldap.zip file) Navigate to Catalogs -> Monitors .  Scroll down to Create new monitor .  Give it a name and select External program monitor as the type. Select ldap.pl from the drop down menu that appears. Scroll down to program arguments and create four arguments: base, filter, pass, user.  It should look like the below screenshot: Fill in the fields appropriately: base is your LDAP search base, user and pass are your LDAP login credentials, and filter should be set to the CN associated with user .  For the pass field, Stingray does not automatically insert asterisks, so please be aware of that. Attach the monitor to the appropriate pool. That completes the configuration of the LDAP Health Monitor for the Stingray Traffic Manager. Note: If you are using the virtual appliance, then follow the instructions in this KB article instead.
View full article
The Enforcer rule used by Stingray Application Firewall (SAF) will pass all requests to the local decider processes for inspection and security. For performance reasons, you may not want to inspect all requests.  For example, if some requests that are processed by your virtual server are sent to a cluster of servers hosting static content, and other requests are sent to a completely separate set of transaction servers, then it may make pragmatic sense to just inspect the requests that are routed to your transaction servers. You can whitelist a request by setting the a connection-local variable 'enforcer.whitelist' to '1'. Example The following rule should be applied to the Virtual Server prior to the SAF Enforcer rule.  It will whitelist requests only if they are using the HTTP "GET" method, do not have a Query String, and the file extension appears in the $fileTypes array #=-SAF Bypass Rule. This needs to be run as a request rule prior to the SAF Enforcer rule # Only Bypass GET Requests if ( http.getMethod() != "GET" )    break; # Only byPass requests with no Query String if ( http.getQueryString() )    break; # Array of file extensions to bypass $fileTypes = [ "css", "js", "png", "gif", "jpg" ]; # Pull out extension from path $extension = array.pop( string.split( http.getPath(), ".") ); # If the extension exists in our array, then set the whitelist flag if ( array.contains($fileTypes, $extension) ) {    connection.data.set("enforcer.whitelist", 1); }
View full article
I have several hundred websites that all use host headers in IIS. I would like to use a single virtual/Public IP address and have the traffic manager select the appropriate pool based on the host header passed in. I’ve been using a traffic script similar to the code snippet below. Is there a more efficient way to code this there will be several hundred pools and if statements? Can you do case statements in traffic script? $HostHeader = http.getHostHeader(); if( string.contains( $HostHeader, "site1.test.com" ) ){    pool.use( "Pool_site1.test.com_HTTP"); }else if( string.contains( $HostHeader, "site2.test.com" ) ){    pool.use( "Pool_site2.test.com_HTTP"); }else if( string.contains( $HostHeader, "site3.test.com" ) ){    pool.use( "Pool_site3.test.com_HTTP"); }else if( string.contains( $HostHeader, "site4.test.com" ) ){    pool.use( "Pool_site4.test.com_HTTP"); }else if( string.contains( $HostHeader, "site5.test.com" ) ){    pool.use( "Pool_site5.test.com_HTTP"); }else if( string.contains( $HostHeader, "site6.test.com" ) ){    pool.use( "Pool_site6.test.com_HTTP"); }else{    http.changeSite( " http://www.test.com " );   }
View full article
(Originally posted Aug 19 2009) Accessing Zeus' Control API from Scala is a relatively straightforward process. It is almost identical to the process you use for Java. Currently the best way to access the control API is using the Apache axis library which you can obtain here . You will also need the WSDL files describing the API. To download the WSDL files go to the Zeus Admin Server then to the online help, and look for the "Zeus Control API WSDL Files" link on the 'Manuals' page. One final dependency that needs to be satisfied is that we need the javamail package, which can be found here . Once you have downloaded and extracted these files we need to convert the WSDL files to Java code, compile them and package them up. On a Unix system you need to issue these commands, > for F in wsdl/ .wsdl ; do java –cp :axis-1_4/lib/ :javamail-1.4.1/lib/* \ org.apache.axis.wsdl.WSDL2Java $F ; done mkdir obj javac –d obj com/zeus/soap/zxtm/ / .java cd obj jar cf ZXTM-API.jar com/zeus This will produce ZXTM-API.jar which you will need to add to your classpath. We are ready to write a Scala program to list the running Virtual Servers. This mirrors our Java example quite closely which you can look at <a href="http://www.zeus.com/community/code-samples/list-running-virtual-servers-using-scala#" target=_blank>here</a> .</p> listVS.scala import com . zeus . soap . zxtm . _1_0 . _ ; import java . security . Security ; import java . security . KeyStore ; import java . security . Provider ; import java . security . cert . X509Certificate ; import javax . net . ssl . ManagerFactoryParameters ; import javax . net . ssl . TrustManager ; import javax . net . ssl . TrustManagerFactorySpi ; import javax . net . ssl . X509TrustManager ; object VSList { def main ( args : Array [ String ]) { Security . addProvider ( new MyProvider ) Security . setProperty ( "ssl.TrustManagerFactory.algorithm" , "TrustAllCertificates" ) val vsl = new VirtualServerLocator vsl . setVirtualServerPortEndpointAddress ( "https://user:pass@localhost:9090/soap" ) val port = vsl . getVirtualServerPort val vs_names = port . getVirtualServerNames val enabled_vs = port . getEnabled ( vs_names ) for ( i <- 0 until vs_names . length ) if ( enabled_vs ( i ) ) println ( vs_names ( i )) } } // Below is TrustManager boiler-plate object MyTrustManagerFactory extends TrustManagerFactorySpi { override def engineInit ( keystore : KeyStore ) {} override def engineInit ( mgrparams : ManagerFactoryParameters ) {} override def engineGetTrustManagers = { Array [ TrustManager ]( new MyX509TrustManager ) } } class MyX509TrustManager extends X509TrustManager { override def checkClientTrusted ( chain : Array [ X509Certificate ], authType : String ) {} override def checkServerTrusted ( chain : Array [ X509Certificate ], authType : String ) {} override def getAcceptedIssuers : Array [ X509Certificate ] = null } class MyProvider extends Provider ( "MyProvider" , 1.0 , "Trust certificates" ) { put ( "TrustManagerFactory.TrustAllCertificates" , MyTrustManagerFactory . getClass . getName ) } Running the example is pretty simple, first compile it, > scalac -classpath ZXTM-API.jar listVS.scala then run it, > scala -classpath ZXTM-API.jar listVS Main website Mail servers Test site
View full article
If you're running Apache HTTPD, you might have seen the recent advisory (and update) which can cause "significant CPU and memory usage" by abusing the HTTP/1.1 Range header.   If you're using Stingray Application Firewall simply update your baseline rules and you will be immediately protected. Otherwise, you can use TrafficScript to block this attack:   # Updated: Remove (if present) an old name that Apache accepts, MSIE 3 vintage http.removeHeader( "Request-Range" ); $r = http.getHeader( "Range" ); if( $r && string.count( $r, "," ) >= 5 ) { # Too many ranges, refuse the request http.sendResponse( "403 Forbidden", "text/plain", "Forbidden\n", "" ); }   This simply returns a 403 Forbidden response for any request asking for more than 5 ranges (at least 5 commas in the Range header). This is in line with the advisory's suggested mitigation: we don't block multiple ranges completely because they have legitimate uses, such as PDF readers that request parts of the document as you scroll through it, and the attack requires many more ranges to be effective.
View full article