Hi! Experts
Do you have experience for this? We don't find a pre-defined App-ID for confluence, so we need a custome defined App-ID to do this.
From the captured packets, there is a key named "X-Confluence-Request-Time" in Confluence server responsed http header, how do we defined a App-ID to use this key for matching?
...
HTTP/1.1 200
X-ASEN: YOU MAKE ME A SAD PANDA.
X-Confluence-Request-Time: 1701684978176
X-Seraph-LoginReason: OK
...
From configuration there is no related http context for this key, do we need over TCP stream instead?
[edit]
lab@SRX# show services
application-identification {
application confluence {
over HTTP {
signature confluence {
member m01 {
depth 128;
context ???;
pattern X-Confluence-Request-Time;
direction server-to-client;
}
}
}
}
lab@SRX# set services application-identification application confluence over HTTP signature confluence member m01 context ?
Possible completions:
<context> Context to be matched on
http-filename Filename being fetched/posted. Extracted if Content-Disposition field has filename
http-get-url-parsed-param-parsed The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters, if any
http-header-content-type Content-Type: header in an HTTP transaction
http-header-cookie Cookie: header in an HTTP transaction
http-header-host Host: header in an HTTP request
http-header-user-agent User-agent: header in an HTTP transaction
http-post-url-parsed-param-parsed The decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters, if any
http-post-variable-parsed The decoded POST url or form data variables
http-url-parsed The decoded, normalized URL in an HTTP request
http-url-parsed-param-parsed The decoded, normalized URL in an HTTP request along with the decoded CGI parameters, if any