SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  how to block access to confluence with App-ID

    Posted 12-04-2023 08:45

    Hi! Experts

    Do you have experience for this? We don't find a pre-defined App-ID for confluence, so we need a custome defined App-ID to do this.

    From the captured packets, there is a key named "X-Confluence-Request-Time" in Confluence server responsed http header, how do we defined a App-ID to use this key for matching?

    ...

    HTTP/1.1 200

    X-ASEN: YOU MAKE ME A SAD PANDA.

    X-Confluence-Request-Time: 1701684978176

    X-Seraph-LoginReason: OK

    ...

    From configuration there is no related http context for this key, do we need over TCP stream instead?

    [edit]
    lab@SRX# show services                                                                                                           
    application-identification {
        application confluence {
            over HTTP {
                signature confluence {
                    member m01 {
                        depth 128;
                        context ???;
                        pattern X-Confluence-Request-Time;
                        direction server-to-client;
                    }
                }
            }
        }

    lab@SRX# set services application-identification application confluence over HTTP signature confluence member m01 context ?       
    Possible completions:
      <context>            Context to be matched on
      http-filename          Filename being fetched/posted. Extracted if Content-Disposition field has filename
      http-get-url-parsed-param-parsed       The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters, if any
      http-header-content-type       Content-Type: header in an HTTP transaction
      http-header-cookie     Cookie: header in an HTTP transaction
      http-header-host       Host: header in an HTTP request
      http-header-user-agent         User-agent: header in an HTTP transaction
      http-post-url-parsed-param-parsed      The decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters, if any
      http-post-variable-parsed      The decoded POST url or form data variables
      http-url-parsed        The decoded, normalized URL in an HTTP request
      http-url-parsed-param-parsed           The decoded, normalized URL in an HTTP request along with the decoded CGI parameters, if any



  • 2.  RE: how to block access to confluence with App-ID

    Posted 12-05-2023 04:08

    I'll wait for a web expert to jump in here, but have you tried the built in junos:ATLASSIAN , interestingly they have junos:JIRA, but not specifically confluence.



    ------------------------------
    GAVIN WHITE
    ------------------------------