- Pulse Secure Community
- :
- About cignul9
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
12-13-2013
10-30-2017
cignul9
Occasional Contributor
12
Posts
1
Kudos
1
Solution
10-07-2015
11:21:AM
Hey there, pilgrim. Go to your Virtual Service and click Connection Management --> HTTP-Specific Settings. There are two options to forward remote client IP's and one is enabled by default. At the server check for a header named X-Cluster-Client-Ip. X-Forwarded-For is the other. If your server is looking for a specific header and not either of these then you can accomplish that with a TrafficScript. Do you need the TrafficScript?
... View more
03-20-2015
08:11:AM
I see what you did there. I've never used the connection data before. I'll give it a try. Thanks!
... View more
03-19-2015
08:39:AM
Thanks for responding, David. We get the whole cookie when we do that which occassionally is huge and since we wish to disentangle JSESSIONID from all that we are using a work-around. I set the log!format to Custom and remove all the Macro entries. Then I have a request rule that logs what I want. It doesn't capture response deets, but it's all we need for now. Here's the script in case anyone is interested: $clientIp = request.getRemoteIP ( ) ; $referer = http.getHeader ( 'Referer' ) ; $browser = http.getHeader ( 'User-Agent' ) ; $jSessionId = http.getCookie ( 'JSESSIONID' ) ; $path = http.getPath ( ) ; $entries = [ $clientIp , $referer , $browser , $jSessionId , $path ] ; $logString = '' ; foreach ( $entry in $entries ) { if ( $entry == '' ) { $entry = '-' ; } $logString = $logString . ' ' . $entry ; } log.info ( $logString ) ;
... View more
03-18-2015
09:08:AM
We're building a dashboard in splunk to debug some javascript for our single-page web app by sending logs via syslog. The default logging functionality lets us log all manner of things, except for the thing we need. The JSESSIONID is a cookie entry. I can log a cookie with a TrafficScript, but if I do that we're logging twice for each request; once for the default logging, and once again for when our TrafficScript does a log.info(). I hollow out the log format of the default logger to cut down on noise, but the whole situation is rather inelegant. Isn't there a cookie variable like the one for headers, like %{Key-name}k? If not then is there some other method for adding cookie values to the log?
... View more
12-17-2014
09:29:AM
1 Kudo
We have a similar situation. Rather than use a big list of conditions chained together with II we use a resource file. It's syntactically prettier, but also you could update the list without having to rewrite the TrafficScript. We update ours with the REST API. Here's what you might try (NOT TESTED!): # Make a resource file called domains.txt and put it in your catalogs > extra files # > miscellaneous files. Each line in the text file has a domain name that you # want to match to redirect. $resource = 'domains.txt'; # make sure the file is present before you attempt to parse it. if(! (resource.exists($resource))){ # uncomment this line if you want to log when it's missing. # log.warn("Resource file " . $resource . " not found!"); break; } $hostHeader = http.getHostHeader(); $domains = resource.getLines($resource); foreach ($line in $domains){ $domain = $string.trim($line); if ($hostHeader == $domain){ http.changeSite(" http://myfavoritedomain.com/ "); } } Now, you could use a string.regexmatch to check a domain entry with the host header, but be careful! You may accidentally match domains too broadly.
... View more
12-17-2014
09:07:AM
Thanks, Richard. I think it will work out if we set the ciphers per Virtual Server as you suggest. --Shawn
... View more
12-04-2014
12:42:PM
Thanks, Richard. I see the list in help now. There is something that is still confusing though. Shouldn't SSL and TLS have different configs, including their cipher lists? In Global Settings > SSL Configuration, a feature called ssl!ssl3_ciphers is where you configure a list, and the help says these are for SSL, obviously, but apparently TLS on SteelApp uses them too. My TLS1.2 connection to a SteelApp virtual server running HTTPS shows that the cipher I have configured for SSLv3 (there is only one for reasons I'll go into in a moment) is the one it's using. Here's the rub. I need two cipher orders in this post-BEAST and POODLE world, one for TLS and one for SSL. We are trying to retire SSLv3, but for now because of some legacy systems we can't do that for everything. To mitgate the above mentioned vulnerabilities we've disabled all SSL CBC ciphers, which leaves us with RC4. RC4 is weak and it sucks, but we calculate that we're less likely to be hacked for using RC4 than we are using BEAST/POODLE-hackable CBC ciphers. The plan was to use SSL on RC4 and update our legacy services one at a time to TLS. But if I don't have another cipher list for TLS then even though my upgraded services are running TLS I'm still stuck with this old RC4 cipher. The second reason its weird is that IANA-registered TLS ciphers are supposed to start with SSL_ for SSL connections and TLS_ for TLS connections, right? I suppose this way you can create one list and put both kinds in there, hence my original question. TL;DR: Is there a separate cipher list or set of TLS-specific cipher types that I can use in SteelApp to get the full advantages of TLS while limiting my risk with virutal servers that need SSL?
... View more
12-02-2014
01:18:PM
The documentation says to check online help to get the list, but I can't find it anywhere. What information I can find is now quite dated. Is there an official page that details current cipher support information? If so can someone please link it? If not can someone please list our cipher options today?
... View more
11-14-2014
08:37:AM
We're having this problem too, and let me add that the application firewall doesn't have a profile option that does something like counting and/or discarding extra content-length headers, so it's really not clear what Stingray/SteelApp is doing here. I think a little more visibility would be great. I also tried a TrafficScript request rule attempting detect requests with too many Content-Length headers, but I haven't had any luck.
... View more
10-02-2014
08:27:AM
Yes, sorry for the late reply. Looks like it works!
... View more
04-25-2014
07:59:AM
Those lengthy regex tests work -- and maybe even better than mine for the set of all possible domain names -- if you use the regex tester you link. I was using a different but similar website to test my regex. The real problem is that TrafficScript matches all of the hostname using the very same regex. That's really the point of my post. Is there a TrafficScript-specific regex tester like the general ones we all know and love? I'm trying to find out how TrafficScript's implementation is different from everyone else's. My working theory is that it matches greedily, or that it doesn't know what the negate character is. Or something.
... View more
04-24-2014
01:51:PM
I want to create a rule that gets the hostHeader and strips off all but the root domain (the last two levels). For example I want to take www.example.com and grab example.com for my $domain variable. I created a regular expression in a proof-of-concept script: $host = http.getHostHeader ( ) ; $domain = string.regexSub ( $host , '([^.]+.[^.]+)$' , "$1" ) ; log.info ( "Root domain: " . $domain ) ; An example domain of www.example.com matches www.example.com. I don't see how but the first bit [^.]+. seems to match www.example, even though my understanding of regex means that I want to exclude any string of characters having a dot in it. I've also tried "([^\.]+\.[^\.]$)" which is a more kosher version of regex where I'm escaping the dot. In either case the result is the same. Isn't there a way to negate a character in TrafficScript's version of regex ([^<somechar>])? Or is there a way to toggle greedy matching? I have developed a workaround that splits the domain on the dots and simply fetches and re-concatenates the last two strings with another dot. Even though it works I feel all yucky inside. Besides I want to understand how TrafficScript implements regex better and this opportunity has so far taught me very little. Any help is appreciated.
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
