palantir icon indicating copy to clipboard operation
palantir copied to clipboard

Published 20 hours ago verified publisher icon aasaam

Protection senario check

Open mhf-ir opened this issue 5 years ago • 0 comments

Add cookie parser for check request and system status.

Consider HTTP request always carry the cookie of client unique identifier. For example Cookie: cuid=blahblahblah;

  • Add Cookie parser for parse multiple cookie parse what' you need

  • Know status of protection: Consider statuses N, P{N} Which means Normal N every thing is good so let all request go. By P**{N}** Depend on config file we follow these: Define cookie name for example asm_prt=xxxxx*

  SampleConfig: P1: Protection Level 1
  cookie ttl: **604800**
  cookie parameters: 
     - CUID
  SampleConfig: P2: Protection Level 2
  cookie ttl: **86400**
  cookie parameters: 
     - CUID
     - IP Address
  SampleConfig: P3: Protection Level 3
  cookie ttl: **7200**
  cookie parameters: 
     - CUID
     - IP Address
     - User Agent
  • JWT decode for parse general Auth base on Authorization and Cookie for status of user is guest or logged in user.
  • If user not logged in : For guest members follow cookie mechanism (Not logged in and not authorized servers) Encryption and Decryption by special cookie for status of request (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) This method will use for captcha application to generate same cookie algorithm for Palantir proxy.
  • For mobile application they are same but using special header X-Cuid: blahblahblah same follow for cookie.
  1. Document workflow
  2. Accpet workflow
  3. Implementation

mhf-ir avatar Jul 01 '19 08:07 mhf-ir