Responder/Rewrite/ContentSwitching Advanced policies do not evaluate Nordic language characters

The browser converts Nordic characters in the Host header to Punycode format. See the trace below:

Traces are for 'http://ä.com'

GET / HTTP/1.1\r\n
Host: xn--4ca.com\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en,sv-SE;q=0.7,de-DE;q=0.3\r\n
Accept-Encoding: gzip, deflate\r\n
DNT: 1\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
\r\n

[Full request URI: http://xn--4ca.com/]

[HTTP request 1/1]

The Citrix ADC policy engine only supports UTF-8. There is no support for Punycode yet.

Advanced expressions do work for URLs, because the browser encodes Nordic characters in the URL path as percent-encoded UTF-8.

See the trace below:

Traces are for 'http://lb.repro.lab/ä'

GET /%C3%A4 HTTP/1.1\r\n
Host: lb.repro.lab\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en,sv-SE;q=0.7,de-DE;q=0.3\r\n
Accept-Encoding: gzip, deflate\r\n
DNT: 1\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
\r\n

[Full request URI: http://lb.repro.lab/%C3%A4]

[HTTP request 1/1]
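As an added illustration (not Citrix code), the two browser-side encodings visible in the traces above, and why a UTF-8-only comparison sees the Host header differently from the URL path. Only the Python standard library is used; host_matches is a hypothetical helper, not a Citrix ADC expression.

```python
import urllib.parse


def host_on_the_wire(unicode_host: str) -> str:
    """Host header a browser sends for an IDN: each label Punycode-encoded (IDNA), ASCII only."""
    return unicode_host.encode("idna").decode("ascii")


def path_on_the_wire(unicode_path: str) -> str:
    """Request-target a browser sends: the UTF-8 bytes of the path, percent-encoded."""
    return urllib.parse.quote(unicode_path, safe="/")


def host_to_unicode(wire_host: str) -> str:
    """Undo the IDNA step; this is the conversion a Punycode-unaware engine never performs."""
    return wire_host.encode("ascii").decode("idna")


def path_to_unicode(wire_path: str) -> str:
    """Percent-decoding yields UTF-8 text directly, which is why URL expressions already work."""
    return urllib.parse.unquote(wire_path)


def host_matches(wire_host: str, policy_host: str) -> dict:
    """Compare a captured Host header with a policy value written in UTF-8 (e.g. 'ä.com').

    'raw'     : what a UTF-8-only engine evaluates (the Punycode label never equals 'ä').
    'decoded' : the same comparison after IDNA decoding, i.e. what the policy intends.
    """
    want = policy_host.casefold()
    return {
        "raw": wire_host.casefold() == want,
        "decoded": host_to_unicode(wire_host).casefold() == want,
    }


if __name__ == "__main__":
    # Values taken from the two traces on this page.
    print(host_on_the_wire("ä.com"))             # xn--4ca.com
    print(path_on_the_wire("/ä"))                # /%C3%A4
    print(host_matches("xn--4ca.com", "ä.com"))  # {'raw': False, 'decoded': True}
```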

Related:

“How do you want to open this type of link (https)” pops up when using Bidirectional content redirection policy

To set the default associations for the HTTP and HTTPS protocols for all affected users, follow this action plan:

1. Create a Default Associations Configuration XML file with the following content and save it to a UNC path that all users can read.

————————

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".htm" ProgId="IE.AssocFile.HTM" ApplicationName="Internet Explorer" />
  <Association Identifier=".html" ProgId="IE.AssocFile.HTM" ApplicationName="Internet Explorer" />
  <Association Identifier=".mht" ProgId="IE.AssocFile.MHT" ApplicationName="Internet Explorer" />
  <Association Identifier=".mhtml" ProgId="IE.AssocFile.MHT" ApplicationName="Internet Explorer" />
  <Association Identifier=".partial" ProgId="IE.AssocFile.PARTIAL" ApplicationName="Internet Explorer" />
  <Association Identifier=".svg" ProgId="IE.AssocFile.SVG" ApplicationName="Internet Explorer" />
  <Association Identifier=".url" ProgId="IE.AssocFile.URL" ApplicationName="インターネット ブラウザー" />
  <Association Identifier=".website" ProgId="IE.AssocFile.WEBSITE" ApplicationName="Internet Explorer" />
  <Association Identifier=".xht" ProgId="IE.AssocFile.XHT" ApplicationName="Internet Explorer" />
  <Association Identifier=".xhtml" ProgId="IE.AssocFile.XHT" ApplicationName="Internet Explorer" />
  <Association Identifier="FTP" ProgId="IE.FTP" ApplicationName="Internet Explorer" />
  <Association Identifier="http" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />
  <Association Identifier="https" ProgId="IE.HTTPS" ApplicationName="Internet Explorer" />
  <Association Identifier="MK" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />
  <Association Identifier="RES" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />
</DefaultAssociations>

————————

2. In the GPO, go to Computer Policy > Windows Components > File Explorer > Default Associations Configuration File and specify the file created in step 1.

3. Run gpupdate /force.

Related:

SEPM 14 Unable to download definitions (Very Weird)

I need a solution

Hello everyone, I have SEPM 14 with a SQL database which is unable to download the definitions. Whenever we try to run luall.exe it connects to LiveUpdate, downloads a few KB and then the connection fails. Attached is the screenshot.

Tried a couple of fixes for it. Uninstalled and reinstalled the LiveUpdate component. Also, if we try to use jdb files for the update it works and updates fine. SEPM is already whitelisted on the proxy server and the firewall.

Increased the time out values

PREFERENCESINTERNET_CONNECT_TIMEOUT=144
PREFERENCESINTERNET_READ_DATA_TIMEOUT=1400

as per https://support.symantec.com/en_US/article.TECH188847.html

Also ran Wireshark and found the many 404 errors below; I don't know what exactly is happening.

GET http://liveupdate.symantecliveupdate.com/liveupdate_3.3.100.15_english_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:33 GMT

Expires: Tue, 03 Oct 2017 09:05:33 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 1

Connection: keep-alive

 

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>

GET http://liveupdate.symantecliveupdate.com/minitri.flg HTTP/1.1

Accept: */*

If-Modified-Since: Mon, 24 Jun 2013 23:51:06 GMT

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 304 Not Modified

Date: Tue, 03 Oct 2017 08:55:33 GMT

Etag: "1813808236"

Expires: Tue, 03 Oct 2017 09:25:33 GMT

Cache-Control: max-age=1800

Connection: keep-alive

Server: ATS/5.3.1

 

GET http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.100.15_english_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:39 GMT

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 2

Connection: keep-alive

 

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>

GET http://liveupdate.symantecliveupdate.com/sepm$20content$20catalog_14.0_symalllanguages_livetri.zip HTTP/1.1

Accept: */*

If-Modified-Since: Mon, 04 Sep 2017 15:38:53 GMT

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 304 Not Modified

Date: Tue, 03 Oct 2017 08:55:39 GMT

Etag: "3589382957"

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Cache-Control: max-age=600

Connection: keep-alive

Server: ATS/5.3.1

 

GET http://liveupdate.symantecliveupdate.com/sepm$20liveupdate$20database_14.0_symalllanguages_livetri.zip HTTP/1.1

Accept: */*

Cache-Control: max-age=0

User-Agent: x0o4rajcHBQ3y2u8fYRQV+rNNGAglDTWQAAAAA

Host: liveupdate.symantecliveupdate.com

Proxy-Connection: Keep-Alive

Pragma: no-cache

 

HTTP/1.1 404 Not Found

Cache-Control: max-age=600

Content-Type: text/html

Date: Tue, 03 Oct 2017 08:55:39 GMT

Expires: Tue, 03 Oct 2017 09:05:39 GMT

Server: ATS/5.3.1

Content-Length: 345

Age: 0

Connection: keep-alive

Any help would be appreciated.

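A small triage helper, added here and not part of the original post, that pairs each request in a proxy capture like the one above with its response status so the 404s stand out. The trace below is a constructed excerpt in the same layout (same host and path names as the post); the `$20` handling only reflects the encoding visible in the capture.

```python
import re
from typing import List, Tuple

# Constructed excerpt in the format of the capture above (request line, headers, blank line,
# status line); only a few headers are kept so the pairing logic is easy to follow.
SAMPLE_TRACE = """\
GET http://liveupdate.symantecliveupdate.com/liveupdate_3.3.100.15_english_livetri.zip HTTP/1.1
Host: liveupdate.symantecliveupdate.com

HTTP/1.1 404 Not Found
Content-Length: 345

GET http://liveupdate.symantecliveupdate.com/minitri.flg HTTP/1.1
Host: liveupdate.symantecliveupdate.com

HTTP/1.1 304 Not Modified

GET http://liveupdate.symantecliveupdate.com/sepm$20content$20catalog_14.0_symalllanguages_livetri.zip HTTP/1.1
Host: liveupdate.symantecliveupdate.com

HTTP/1.1 304 Not Modified
"""

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] (?P<status>\d{3})\b")


def pair_exchanges(trace: str) -> List[Tuple[str, int]]:
    """Walk the capture line by line and pair each request URL with the next status line."""
    exchanges: List[Tuple[str, int]] = []
    pending_url = None
    for line in trace.splitlines():
        req = REQUEST_LINE.match(line)
        if req:
            pending_url = req.group("url")
            continue
        resp = STATUS_LINE.match(line)
        if resp and pending_url is not None:
            exchanges.append((pending_url, int(resp.group("status"))))
            pending_url = None
    return exchanges


def readable_name(url: str) -> str:
    """File name of the request; the capture shows spaces written as '$20', so undo that."""
    return url.rsplit("/", 1)[-1].replace("$20", " ")


def failed_downloads(trace: str) -> List[str]:
    """Names of the files the server answered with 404: the requests to check first."""
    return [readable_name(url) for url, status in pair_exchanges(trace) if status == 404]
```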

Related:

IIB 10.0 - Using ESQL to create an XMLNSC document with a namespace turns attributes into elements

I am using ESQL to create an XMLNSC document that has a namespace. When I do this, attributes are turned into elements, causing the XML to be invalid. Below is the code to create the document in ESQL.

BEGIN
    DECLARE pendingDownstreamService REFERENCE TO Environment.Variables.PENDING_DOWNSTREAM_SERVICES[1];
    DECLARE wd NAMESPACE 'urn:com.workday/bsvc';
    DECLARE employeeIdAsText CHARACTER;
    DECLARE employeeIdToStartDate ROW;
    DECLARE employeeCount INTEGER 1;

    CALL CopyMessageHeaders();
    CALL CopyEntireMessage();

    SET OutputRoot.XMLNSC.wd:Get_Workers_Request.(XMLNSC.NamespaceDecl)xmlns:"wd" = 'urn:com.workday/bsvc';
    SET OutputRoot.XMLNSC.wd:Get_Workers_Request.(XMLNSC.Attribute)wd:version = 'v26.2';
    SET OutputRoot.XMLNSC.wd:Get_Workers_Request.wd:Response_Group.wd:Include_Employment_Information = 'true';

    WHILE LASTMOVE(pendingDownstreamService) DO
        IF (pendingDownstreamService.EMPLOYEE_ID IS NOT NULL) THEN
            SET employeeIdAsText = CAST(pendingDownstreamService.EMPLOYEE_ID AS CHARACTER);
            IF (employeeIdToStartDate.{employeeIdAsText} IS NULL) THEN
                SET OutputRoot.XMLNSC.wd:Get_Workers_Request.wd:Request_References.wd:Worker_Reference[employeeCount].wd:ID.(XMLNSC.Attribute)wd:type = 'Employee_ID';
                SET OutputRoot.XMLNSC.wd:Get_Workers_Request.wd:Request_References.wd:Worker_Reference[employeeCount].wd:ID VALUE = pendingDownstreamService.EMPLOYEE_ID;

                SET employeeIdToStartDate.{employeeIdAsText} = pendingDownstreamService.START_DATE;
                SET employeeCount = employeeCount + 1;
            END IF;
        END IF;

        MOVE pendingDownstreamService NEXTSIBLING;
    END WHILE;

    RETURN TRUE;
END;
![alt text][1]

Attached is the message from the flow recorder. You can see that the Get_Workers_Request element has version as a child element while the ESQL code adds version as an attribute. Additionally, the wd:Get_Workers_Request.wd:Request_References.wd:Worker_Reference.wd:ID element has type as a child element while the ESQL adds type as an attribute. I also don't see the namespace declaration attribute in the Get_Workers_Request element, so I am not sure if that is a problem as well. I would expect to see something like

in the flow recorder.

How can I add attributes to an XMLNSC document when using namespaces?

[1]: /answers/storage/temp/16366-get-workers.png

Related:

Pre-IETF Syslog log source question

Hello, our Web Application Firewall is sending events in pre-IETF syslog format. Here is an example:

Jul 7 13:53:41 type = waf,attack_type = Other Application Activity,HTTP Parser Attack,date_time = 2017-07-07 13:53:41,dest_ip = x.x.x.x,dest_port = 443,geo_location = CN,http_class_name = /Common/xxxxxxxx-abc.company.com,ip_client = x.x.x.x,method = GET,policy_apply_date = 2017-05-30 20:35:19,policy_name = abc.company.com,protocol = HTTPS,query_string = ,request_status = blocked,response_code = 0,severity = Error,src_port = 45298,support_id = 2625226797970795006,uri = /,username = N/A,violations = HTTP protocol compliance failed,Access from disallowed Geolocation,web_application_name = abc.company.com,x_forwarded_for_header_value = x.x.x.x, request = HOST: x.x.x.x\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: deflate\r\nX-Cnection: close\r\nX-Forwarded-For: x.x.x.x\r\nVia: 1.1 dca1-bit2\r\n\r\n

Is there any way to parse this? Can I use type = waf as the log source identifier?

TIA
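One way to parse this format, written as an added example (not code from the question or from any SIEM product): the hard part is that commas appear both as field separators and inside multi-valued fields such as attack_type and violations, so the splitter only breaks on a comma that is followed by the next "name = " token. The sample line is constructed in the same layout as the one above, with placeholder values and the escaped \r\n separators kept as posted.

```python
import re
from typing import Dict

# Constructed sample in the same key = value layout as the line in the question; addresses and
# names are placeholders, and the request field keeps the escaped \r\n separators as posted.
SAMPLE_LINE = (
    "Jul 7 13:53:41 type = waf,attack_type = Other Application Activity,HTTP Parser Attack,"
    "date_time = 2017-07-07 13:53:41,dest_ip = x.x.x.x,dest_port = 443,geo_location = CN,"
    "method = GET,query_string = ,request_status = blocked,response_code = 0,severity = Error,"
    "violations = HTTP protocol compliance failed,Access from disallowed Geolocation,"
    "web_application_name = abc.company.com, request = HOST: x.x.x.x\\r\\nUser-Agent: Mozilla/5.0"
    "\\r\\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5\\r\\nX-Forwarded-For: x.x.x.x\\r\\n\\r\\n"
)

# Split on a comma only when the next token looks like "name = ", so that commas inside
# multi-valued fields (attack_type, violations) and inside the request headers survive.
FIELD_BOUNDARY = re.compile(r",\s*(?=[A-Za-z_][A-Za-z0-9_]* = )")
SYSLOG_HEADER = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<body>.*)$", re.S)


def parse_waf_event(line: str) -> Dict[str, str]:
    """Turn one pre-IETF syslog line from the WAF into a flat dict of its fields."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        raise ValueError("not a pre-IETF syslog line (no 'Mon dd hh:mm:ss' prefix)")
    fields = {"timestamp": m.group("ts")}
    for chunk in FIELD_BOUNDARY.split(m.group("body")):
        key, sep, value = chunk.partition(" = ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def request_headers(raw_request: str) -> Dict[str, str]:
    """Expand the escaped request field into a header-name -> value dict."""
    headers: Dict[str, str] = {}
    for header_line in raw_request.split("\\r\\n"):
        name, sep, value = header_line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return headers


def is_waf_event(fields: Dict[str, str]) -> bool:
    """'type = waf' is the field the question proposes as the log source identifier."""
    return fields.get("type") == "waf"
```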

Related:

IIB 10 – Handling XML that is not well formed

I have an MQInput node that reads an xml message from the queue. I am trying to handle the condition when we get a malformed xml document or an invalid xml document but it doesn’t behave as expected. There is no exception thrown and the path proceeds along the out terminal instead of the failure terminal. The ExceptionList is empty so there is no way to get any information about the parse error.

How does one handle an xml parse error when an xml message is not well formed or an xml validation error when an xml message is not valid? How can I determine the error happened and what the error is?
