Protection senario check
Opened this issue · 0 comments
mhf-ir commented
Add cookie parser for check request and system status.
Consider HTTP request always carry the cookie of client unique identifier.
For example Cookie: cuid=blahblahblah;
-
Add Cookie parser for parse multiple cookie parse what' you need
-
Know status of protection: Consider statuses N, P{N}
Which means Normal N every thing is good so let all request go.
By P**{N}**
Depend on config file we follow these:
Define cookie name for example asm_prt=xxxxx*
SampleConfig: P1: Protection Level 1
cookie ttl: **604800**
cookie parameters:
- CUID
SampleConfig: P2: Protection Level 2
cookie ttl: **86400**
cookie parameters:
- CUID
- IP Address
SampleConfig: P3: Protection Level 3
cookie ttl: **7200**
cookie parameters:
- CUID
- IP Address
- User Agent
- JWT decode for parse general Auth base on
Authorization
andCookie
for status of user is guest or logged in user. - If user not logged in : For guest members follow cookie mechanism (Not logged in and not authorized servers) Encryption and Decryption by special cookie for status of request (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
This method will use for captcha application to generate same cookie algorithm for Palantir proxy. - For mobile application they are same but using special header
X-Cuid: blahblahblah
same follow for cookie.
- Document workflow
- Accpet workflow
- Implementation