Eric Friedrich Implemented by Mike Sandman and John Shen

Slides:

Advertisements

Similar presentations

Give it a REST already Arnon Rotem-Gal-Oz VP R&D xsights

Advertisements

XPointer and HTTP Range A possible design for a scalable and extensible RDF Data Access protocol. Bryan Thompson Presented to the RDF Data Access.

XPointer and HTTP Range A possible design for a scalable and extensible RDF Data Access protocol. Bryan Thompson draft Presented to the RDF.

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Enabling Secure Internet Access with ISA Server

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Web, HTTP and Web Caching

Session Management A290/A590, Fall /25/2014.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Week 11: Application Layer1 Web and HTTP First some jargon r Web page consists of objects r Object can be HTML file, JPEG image, Java applet, audio file,…

JavaScript, Fourth Edition

Chapter 1: Introduction to Web Applications. This chapter gives an overview of the Internet, and where the World Wide Web fits in. It then outlines the.

Protocol(TCP/IP, HTTP) 송준화 조경민 2001/03/13. Network Computing Lab.2 Layering of TCP/IP-based protocols.

Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.

Chapter 8 Cookies And Security JavaScript, Third Edition.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

The Inter-network is a big network of networks.. The five-layer networking model for the internet.

October 3, 2008IMI Security Symposium Application Security through a Hacker’s Eyes James Walden Northern Kentucky University

© 2004 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. ARMing Apache David Carter.

® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management

Sessions in PHP – Page 1 of 13CSCI 2910 – Client/Server-Side Programming CSCI 2910 Client/Server-Side Programming Topic: Sessions in PHP Reading: Williams.

Web Database Programming Week 7 Session Management & Authentication.

Module 7: Advanced Application and Web Filtering.

AxKit A member of the Apache XML project Ryan Maslyn Kyle Bechtel.

Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.

Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.

 Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side.

Fundamentals of Web DevelopmentRandy Connolly and Ricardo HoarFundamentals of Web DevelopmentRandy Connolly and Ricardo Hoar Fundamentals of Web DevelopmentRandy.

Week 11: Application Layer 1 Web and HTTP r Web page consists of objects r Object can be HTML file, JPEG image, Java applet, audio file,… r Web page consists.

Module 5: Managing Content. Overview Publishing Content Executing Reports Creating Cached Instances Creating Snapshots and Report History Creating Subscriptions.

Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.

27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

COOKIES AND SESSIONS.

1 Chapter 22 World Wide Web (HTTP) Chapter 22 World Wide Web (HTTP) Mi-Jung Choi Dept. of Computer Science and Engineering

1 © 1999, Cisco Systems, Inc. 1293_07F9_c1 LocalDirector Version3.1.

Midterm Review October Closed book one hand written page of notes of your own making October Closed book one hand written page of notes of.

Cookies Tutorial Cavisson Systems Inc..

Jonathan Rosenberg dynamicsoft

Managing State Chapter 13.

Block 5: An application layer protocol: HTTP

Module 3: Enabling Access to Internet Resources

Persistency Load Balancing

Node.js Express Web Applications

HTTP request message: general format

Section 13 - Integrating with Third Party Tools

How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February

Node.js Express Web Services

Host of Troubles : Multiple Host Ambiguities in HTTP Implementations

Hypertext Transport Protocol

Cisco OMD Feature Update

Client / Session Identification Cookies

Getting web pages First we need to get the webpage by issuing a HTTP request. The best option for this is the requests library that comes with Anaconda:

Cookies and Sessions in PHP

Configuration Framework draft-ietf-sipping-config-framework-06

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Client / Session Identification Cookies

Web Systems Development (CSC-215)

CS320 Web and Internet Programming Cookies and Session Tracking

CS3220 Web and Internet Programming Cookies and Session Tracking

World Wide Web Uniform Resource Locator hostname [:port]/path

Steven Feltner reveller – IRC

Multiple HTTP Requests from One TCP Connection

CS3220 Web and Internet Programming Cookies and Session Tracking

Cross Site Request Forgery New Attacks and Defenses

[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]

09 | Configuring Lync Online

[Based in part on SWE 432 and SWE 632 materials by Jeff Offutt, GMU]

Presentation transcript:

Eric Friedrich Implemented by Mike Sandman and John Shen OMD Session Tracking Eric Friedrich Implemented by Mike Sandman and John Shen May 2017

Problem Statement How to correlate entries in transaction logs by the requesting clients? Client IP not sufficient => NAT TCP 5-tuple too detailed => Clients may have multiple TCP sessions {Client IP, User-Agent} => Good approximation but not exact Also want to correlate transaction log entries with video backoffice and other systems (i.e provide external IDs) Must obey privacy regulations allowing opt-out of tracking

Session Tracking If not already present, Traffic Server sets tracking cookie in browser Cookie is logged in cache transaction logs Future: Set and log cookie on Traffic Router as well Cookie contents are configurable Randomly generated UUID OR Key-Value pairs from URL query string Video Portal can create manifest links w/ IDs in query string

Example Flow – Random Session ID 302, Location: edge001.http1.cdn.com/1.m3u8 Client TR ATS HTTP GET tr.http1.cdn.com/1.m3u8 HTTP GET edge001.http1.cdn.com/1.m3u8 200 OK, Set-Cookie: uuid=abcd-efgh-1234 200 OK HTTP GET edge001.http1.cdn.com/1.ts Cookie: uuid=abcd-efgh-1234

Example Flow – Session ID in Request URL 302, Location: edge001.http1.cdn.com /1.m3u8?sid=abcd1234&uid=user1 Client TR ATS HTTP GET tr.http1.cdn.com HTTP GET edge001.http1.cdn.com/ 200 OK, Set-Cookie: omd_cookie=sid:abcd1234&uid:user1 200 OK HTTP GET edge001.http1.cdn.com/1.ts Cookie: omd_cookie=sid:abcd1234&uid:user1

Traffic Ops Configuration Per Delivery Service Configuration Enable/Disable Activates TS LUA plugin in remap.config Configure list of URL Query Keys to capture into Cookie Provided as plugin parameters on remap line Default Log Format modified to include Cookie header

remap.config Example map http://zard-ec2.sst.cdn.zard.dog/ http://zard-repo.zard.dog/ @plugin=tslua.so @pparam=/opt/trafficserver/script/sst.lua @pparam=sandman @pparam=fish @pparam=duck @plugin=header_rewrite.so @pparam=dscp/set_dscp_0.confi } URI Query Keys from Traffic Ops

Transaction Logs Query Parameter Based Cookie 1491430984.618 chi=192.168.30.27 phn=zard-ec2.zard.dog php=80 shn=zard-repo.zard.dog url=http://zard-ec2.sst.cdn.zard.dog/sandman.txt?sandman=5&duck=1 cqhm=GET cqhv=HTTP/1.1 pssc=200 ttms=0 b=129 sssc=000 sscl=0 cfsc=FIN pfsc=FIN crc=TCP_HIT phr=NONE pqsn=- uas="curl/7.29.0" xmt="- sid="omd_cookie=sandman:5&duck:1" Randomly Generated Cookie 1491430804.273 chi=192.168.30.27 phn=zard-ec2.zard.dog php=80 shn=zard-repo.zard.dog url=http://zard-ec2.sst.cdn.zard.dog/sandman.txt cqhm=GET cqhv=HTTP/1.1 pssc=200 ttms=68 b=129 sssc=304 sscl=0 cfsc=FIN pfsc=FIN crc=TCP_REFRESH_HIT phr=PARENT_HIT pqsn=zard-mc1.zard.dog uas="curl/7.29.0" xmt="- sid="omd_cookie=uuid:5eaa5301-8fe1-4872-c8fb-bdeab7fcc5af"

The Good Stuff Bulk of lua plugin is a do_remap() function function do_remap() parse URI args, pull out any configured query parameters build new cookie string if new cookie string set set the cookie in request header and provide cookie back to user else generate uuid if no existing cookie set the cookie in request header and provide cookie back to user

Final Thoughts Performance Impact Security Posture 10% Less Throughput when specifying query parameters Eliminate/Optimize use of lua regexs? Use Trafficserver query string parsing? Security Posture Rate/Length limiting of logs In customer labs, not yet production. PRs coming soon!