- Pulse Secure Community
- :
- About martin.scarrow
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
11-04-2013
03-06-2018
martin.scarrow
Occasional Contributor
9
Posts
1
Kudos
2
Solutions
11-02-2017
07:14:AM
Hi We have a Virtual Server that we require a client certificate, and we check it against a customers CA. What our customer is asking if we can restrict it to a single certificate signed by this CA rather than any cert signed by the CA. I have tried to created the following traffic script, to check if the cert is issued by the CA and if the serial number matches, and if it doesnt return a 403 Forbidden, otherwise carry on: $issuer = ssl.clientCertIssuer();
$serial = ssl.clientCertSerial();
if($issuer != "ROOT_CA" && $serial != "AA BB CC DD EE 11 22 33 44 55 66 77 88 ") {
http.sendResponse( 403, "text/html", "Forbidden","" );
} but it is erroring at the start of the serial number: Error: line 4: illegal character: ^"
if($issuer != "ROOT_CA" && $serial != "AA BB CC DD EE 11 22 33 44 55 66 77 88 ") {
^
Error: line 4: illegal character: ^�
if($issuer != "ROOT_CA" && $serial != "AA BB CC DD EE 11 22 33 44 55 66 77 88 ") {
^
Error: line 4: illegal character: ^�
if($issuer != "ROOT_CA" && $serial != "AA BB CC DD EE 11 22 33 44 55 66 77 88 ") {
^ Am I doing this the correct way, or is there a better way to restrict it to a single client certificiate? Thanks in advance Martin
... View more
11-26-2014
04:14:AM
1 Kudo
Hi Bjarke, Thank you for your response it helped me come up with the following script to fix the problem: -------------------------------------------------------------------- #Telkomsel_POST_Fixup $url = http.getRawURL(); # Rewrite Path to remove the IP Address if( string.contains( $url , "10.10.10.8" ) || string.contains( $url , "10.10.10.9" ) ) { http.setPath( "Test_Page/Testing_Page_ID.aspx" ); -------------------------------------------------------------------- Thanks again Martin
... View more
11-26-2014
01:57:AM
Hi I am new to Riverbed Traffic Scripts. What i need to do is change the post URL that someone is trying to POST to. I am probably not explaining it correctly. When the customer does a GET from our web server the packet capture shows just the query string: GET /Test_Page/Testing_Page_ID.aspx?trx_id=DFT12345678901234567890&token=8zxc4v85bnmas3005216 But when i see the POST (they are going to post some XML. I am seeing the following: POST http://10.10.10.8:8000/Test_Page/Testing_Page_ID.aspx We are then returning a 404 (not that i can see this on the IIS server logs, so i am guessing the STM is returning it, but i might be wrong? Is there a way using a traffic script to remove the first part of it and just use the query string to fo the POST? Thanks in advance for your help Martin
... View more
07-15-2014
02:31:AM
Hi, I'm trying to find a way of finding out what pools are used by a given rule. I know I could parse the rule for pool.use/pool.select But i'm wondering if there is a better way. Many thanks Martin
... View more
07-07-2014
06:26:AM
Turns out a developer here managed to get it working, doing some clever .NET scripting and capturing the xml response, not that i understand it. In case anyone comes accross this page here is an example of the code to disable a VS with SoapUI: <s:Envelope xmlns:s=" http://schemas.xmlsoap.org/soap/envelope/ "> <s:Body s:encodingStyle=" http://schemas.xmlsoap.org/soap/encoding/ " xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance " xmlns:xsd=" http://www.w3.org/2001/XMLSchema "> <q1:setEnabled xmlns:q1=" http://soap.zeus.com/zxtm/1.0/VirtualServer/ "> <names href="#id1" /> <values href="#id2" /> </q1:setEnabled> <q2:Array id="id1" q2:arrayType="xsd:string[2]" xmlns:q2=" http://schemas.xmlsoap.org/soap/encoding/ "> <Item>VIRTUAL SERVER NAME</Item> <Item>VIRTUAL SERVER NAME</Item> </q2:Array> <q3:Array id="id2" q3:arrayType="xsd:boolean[2]" xmlns:q3=" http://schemas.xmlsoap.org/soap/encoding/ "> <Item>TRUE/FALSE</Item> <Item>TRUE/FALSE</Item> </q3:Array> </s:Body> </s:Envelope>
... View more
07-07-2014
03:54:AM
Hi, I am trying to control my STM through SoapUI, but i am not able to find any information on the help pages about this, lots about Java/Perl but notthing on SOAPUI. i have found the basics OK, such as getting the Virtual Servers listed, but no idea on how to actually disabled them! Has anyone out there done this before? Or can someone point me towards some documentation. Thanks in advance. Martin
... View more
04-23-2014
12:35:AM
Apologies for not replying to your posts i have been away. Riverbed resolved the issue i was having, clearing the IPTables fixed the issue. Thanks Martin
... View more
03-07-2014
01:23:AM
Hi I have a question that no one seems to be able to help with. I have the following set-up: Server------Firewall------VPN------Firewall------STM------Router------Server I am trying to access the server behind the STM over the VPN. The problem I am having is that the STM isn't forwarding on the requests. The STM's internal NIC is on the same network as the server. And i can ping the host from the STM. We run NAT for outbound connectivity so IP Forwarding is enabled: -----------------8<----------------- stm-01:/etc# cat /proc/sys/net/ipv4/ip_forward 1 -----------------8<----------------- But I am still not able to get traffic to route from outside to inside. If i run a tcpdump i can see the request getting to the STM but no response. Is there anyone out there that has done this or knows how to achieve this. If you need any more information please let me know. Thanks Martin
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
