适应接口调整代理部分:IP、app强制,遗留replace的验证问题
This commit is contained in:
dongxiaoyan
@@ -1,12 +1,13 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -25,39 +26,39 @@ ProxyPolicy-Allow-Http-00001
|
||||
#创建对象 URL
|
||||
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_URL_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id}
|
||||
#创建对象 UA
|
||||
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_UA_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
|
||||
#创建对象 SC
|
||||
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建 Deny 管控搭配Allow
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
log ${addPolicyStr}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
${policyId2log} set variable ${policyId2}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1} ${policyIds2}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2} ${policyIds3}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
@@ -66,8 +67,8 @@ ProxyPolicy-Allow-Http-00001
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host icbc
|
||||
${s} Convert to String ${policyId2log}
|
||||
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host icbc
|
||||
|
||||
ProxyPolicy-allow-http-00002
|
||||
[Tags] allow http IP+cat+url+请求UA+应答CT
|
||||
@@ -77,8 +78,8 @@ ProxyPolicy-allow-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[ {"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001", "policyType":"tsg_security", "action":"intercept","userTags":"", "doBlacklist":0, "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add", "returnData":1, "policyList":[ {"policyId":"","isValid":1, "policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security", "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -87,26 +88,32 @@ ProxyPolicy-allow-http-00002
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建UA对象
|
||||
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
|
||||
#创建CT对象
|
||||
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建Redirect策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4},${policyId3}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_http00002.bat
|
||||
${stringlist} Create List 今日关注
|
||||
@@ -127,8 +134,8 @@ ProxyPolicy-allow-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -137,26 +144,28 @@ ProxyPolicy-allow-http-00003
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建ck对象
|
||||
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CK_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
|
||||
#创建SK对象
|
||||
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CK_Id},${object_SK_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建hijack策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_http00003.bat
|
||||
${stringlist} Create List 支付系统
|
||||
@@ -178,8 +187,8 @@ ProxyPolicy-allow-http-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -188,19 +197,22 @@ ProxyPolicy-allow-http-00005
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建replace策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":7633,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7634,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_http00005.bat
|
||||
${stringlist} Create List 电子银行开通
|
||||
@@ -221,8 +233,8 @@ roxyPolicy-allow-http-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -231,26 +243,29 @@ roxyPolicy-allow-http-00008
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建UA对象
|
||||
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
|
||||
#创建sk对象
|
||||
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_SK_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建Redirect策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_allow_ssl00008
|
||||
${stringlist} Create List 今日关注
|
||||
@@ -263,3 +278,51 @@ roxyPolicy-allow-http-00008
|
||||
${s} Convert to String ${policyId3}
|
||||
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net
|
||||
|
||||
ProxyPolicy-Allow-Http-00009
|
||||
[Tags] Allow IP FQDN IP+URL DENY HTTP pxy_manipulation
|
||||
#创建对象IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#创建对象FQDN
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建对象 URL
|
||||
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_URL_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id}
|
||||
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
Comment 创建 拦截策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
Comment 创建 Deny 管控搭配Allow
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
log ${addPolicyStr}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyId2log} set variable ${policyId2}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1} ${policyIds2}
|
||||
Comment 创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
${starttime} Get Time
|
||||
Comment 功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://open.node.com
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2log}
|
||||
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +21,8 @@ ProxyPolicy-allow-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -31,19 +31,22 @@ ProxyPolicy-allow-ssl-00001
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "mobile" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建deny策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
@@ -65,8 +68,8 @@ ProxyPolicy-allow-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -75,19 +78,22 @@ ProxyPolicy-allow-ssl-00004
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "platform" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建insert策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00004.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
@@ -109,8 +115,8 @@ ProxyPolicy-allow-ssl-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -119,23 +125,25 @@ ProxyPolicy-allow-ssl-00006
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "register" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建UA对象
|
||||
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建monitor策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00006.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
@@ -156,8 +164,8 @@ ProxyPolicy-allow-ssl-00007
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -166,13 +174,14 @@ ProxyPolicy-allow-ssl-00007
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "passport" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建CT对象
|
||||
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CT_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -201,10 +210,10 @@ ProxyPolicy-allow-ssl-00009
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*weibo.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_FQDN_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_SUB_Id},${object_FQDN_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_SUB_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_SUB_Id},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -213,25 +222,28 @@ ProxyPolicy-allow-ssl-00009
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "weibo" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_SUB_Id},${object_FQDN_Id},${object_url_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建ck对象
|
||||
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SINAGLOBAL"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_SUB_Id},${object_FQDN_Id},${object_url_Id},${object_CK_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
|
||||
#创建CT对象
|
||||
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_SUB_Id},${object_FQDN_Id},${object_url_Id},${object_CK_Id},${object_CT_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建deny策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
@@ -252,25 +264,27 @@ ProxyPolicy-allow-ssl-00010
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
#创建deny策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
#功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_allow_ssl00010.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
@@ -291,8 +305,8 @@ ProxyPolicy-allow-ssl-00011
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -301,20 +315,23 @@ ProxyPolicy-allow-ssl-00011
|
||||
#创建管控对象url
|
||||
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建allow策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
Comment 创建allow策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
#创建deny策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${policyIds} Create List ${policyId1} ${policyId2}
|
||||
Comment 创建deny策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
|
||||
log ${policyId4}
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4}]}
|
||||
#删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId2} ${policyId5}
|
||||
#功能端验证
|
||||
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
|
||||
Comment 删除所有策略
|
||||
${policyIds} Create List ${policyId1} ${policyId5}
|
||||
Comment 功能端验证
|
||||
${commandstr} set variable ${curlbatpath}/ProxyPolicy_allow_ssl00011.bat
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +22,8 @@ ProxyPolicy-deny-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -40,7 +41,7 @@ ProxyPolicy-deny-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -66,8 +67,8 @@ ProxyPolicy-deny-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -85,7 +86,7 @@ ProxyPolicy-deny-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CK_Id},${object_SK_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -112,8 +113,8 @@ ProxyPolicy-deny-http-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -124,7 +125,7 @@ ProxyPolicy-deny-http-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -151,8 +152,8 @@ ProxyPolicy-deny-http-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -167,7 +168,7 @@ ProxyPolicy-deny-http-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -193,8 +194,8 @@ ProxyPolicy-deny-http-00013
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -209,7 +210,7 @@ ProxyPolicy-deny-http-00013
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +21,8 @@ ProxyPolicy-deny-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -33,7 +33,7 @@ ProxyPolicy-deny-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -60,8 +60,8 @@ ProxyPolicy-deny-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -76,7 +76,7 @@ ProxyPolicy-deny-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":[]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -102,8 +102,8 @@ ProxyPolicy-deny-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -114,7 +114,7 @@ ProxyPolicy-deny-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -141,8 +141,8 @@ ProxyPolicy-deny-ssl-00007
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -157,7 +157,7 @@ ProxyPolicy-deny-ssl-00007
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -183,8 +183,8 @@ ProxyPolicy-deny-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -199,7 +199,7 @@ ProxyPolicy-deny-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -231,15 +231,15 @@ ProxyPolicy-deny-ssl-00010
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_SUB_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_SUB_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_SUB_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_SUB_Id},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_SUB_Id},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -265,15 +265,15 @@ ProxyPolicy-deny-ssl-00011
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -299,8 +299,8 @@ ProxyPolicy-deny-ssl-00012
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -311,7 +311,7 @@ ProxyPolicy-deny-ssl-00012
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": 11, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +21,8 @@ ProxyPolicy-hijack-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -40,7 +40,7 @@ ProxyPolicy-hijack-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -66,8 +66,8 @@ ProxyPolicy-hijack-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -85,7 +85,7 @@ ProxyPolicy-hijack-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CK_Id},${object_SK_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -112,8 +112,8 @@ ProxyPolicy-hijack-http-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -124,7 +124,7 @@ ProxyPolicy-hijack-http-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -165,19 +165,19 @@ ProxyPolicy-Hijack-Http-00006
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +21,8 @@ ProxyPolicy-hijack-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -33,7 +33,7 @@ ProxyPolicy-hijack-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -60,8 +60,8 @@ ProxyPolicy-hijack-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -72,7 +72,7 @@ ProxyPolicy-hijack-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -99,8 +99,8 @@ ProxyPolicy-hijack-ssl-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -115,7 +115,7 @@ ProxyPolicy-hijack-ssl-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -141,8 +141,8 @@ ProxyPolicy-hijack-ssl-00007
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -157,7 +157,7 @@ ProxyPolicy-hijack-ssl-00007
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -183,8 +183,8 @@ ProxyPolicy-hijack-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -195,7 +195,7 @@ ProxyPolicy-hijack-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -221,8 +221,8 @@ ProxyPolicy-hijack-ssl-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -237,7 +237,7 @@ ProxyPolicy-hijack-ssl-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -256,7 +256,7 @@ ProxyPolicy-hijack-ssl-00009
|
||||
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host tengrinews.kz
|
||||
|
||||
|
||||
ProxyPolicy-Hijack-SSL-00010
|
||||
ProxyPolicy-Hijack-SSL-00010
|
||||
[Tags] Hijack SSL
|
||||
#apk
|
||||
#创建对象IP
|
||||
@@ -279,19 +279,19 @@ ProxyPolicy-hijack-ssl-00009
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -333,20 +333,20 @@ ProxyPolicy-Hijack-SSL-00011
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"appObj"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -384,19 +384,19 @@ ProxyPolicy-Hijack-SSL-00012
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -438,20 +438,20 @@ ProxyPolicy-Hijack-SSL-00013
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -489,19 +489,19 @@ ProxyPolicy-Hijack-SSL-00014
|
||||
#log ${object_SC_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -543,20 +543,20 @@ ProxyPolicy-Hijack-SSL-00015
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc proxy_event
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
Library custometest
|
||||
Resource ../../02-Keyword/tsg-ui/StmpHandle2.robot
|
||||
|
||||
@@ -32,19 +33,19 @@ ProxyPolicy-insert-Http-js-00001
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -84,21 +85,21 @@ ProxyPolicy-insert-Http-css-00002
|
||||
#${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id},${object_CK_id},${object_SC_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id},${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc proxy_event
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
Library custometest
|
||||
Resource ../../02-Keyword/tsg-ui/StmpHandle2.robot
|
||||
|
||||
@@ -32,19 +33,20 @@ ProxyPolicy-insert-SSL-js-00001
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -84,20 +86,21 @@ ProxyPolicy-insert-SSL-css-00002
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
@@ -134,19 +137,20 @@ ProxyPolicy-insert-SSL-js-00003
|
||||
log ${object_SC_Id}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -188,20 +192,21 @@ ProxyPolicy-insert-SSL-css-00004
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -239,19 +244,20 @@ ProxyPolicy-insert-SSL-js-00005
|
||||
#log ${object_SC_Id}
|
||||
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
@@ -293,20 +299,21 @@ ProxyPolicy-insert-SSL-css-00006
|
||||
log ${object_CT_id}
|
||||
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
|
||||
#创建 拦截策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
|
||||
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
#创建管控策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
log ${policyId2}
|
||||
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
|
||||
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyIds1} ${policyIds2}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
#功能端验证
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
|
||||
*** Variables ***
|
||||
@@ -21,8 +22,8 @@ ProxyPolicy-Redirect-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -40,7 +41,7 @@ ProxyPolicy-Redirect-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -67,8 +68,8 @@ ProxyPolicy-Redirect-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -86,7 +87,7 @@ ProxyPolicy-Redirect-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CK_Id},${object_SK_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -113,8 +114,8 @@ ProxyPolicy-Redirect-http-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -125,7 +126,7 @@ ProxyPolicy-Redirect-http-00006
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup Login #Test Teardown Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -21,8 +21,8 @@ ProxyPolicy-Redirect-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -33,7 +33,7 @@ ProxyPolicy-Redirect-ssl-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -59,8 +59,8 @@ ProxyPolicy-Redirect-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -75,7 +75,7 @@ ProxyPolicy-Redirect-ssl-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":[]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -101,8 +101,8 @@ ProxyPolicy-Redirect-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -113,7 +113,7 @@ ProxyPolicy-Redirect-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -131,7 +131,7 @@ ProxyPolicy-Redirect-ssl-00005
|
||||
${s} Convert to String ${policyId3}
|
||||
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.toutiao.com
|
||||
|
||||
ProxyPolicy-Redirect-ssl-00007
|
||||
ProxyPolicy-Redirect-ssl-00007
|
||||
[Tags] Redirect 请求UA+url
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
@@ -139,8 +139,8 @@ ProxyPolicy-Redirect-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -155,7 +155,7 @@ ProxyPolicy-Redirect-ssl-00005
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -181,8 +181,8 @@ ProxyPolicy-Redirect-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -197,7 +197,7 @@ ProxyPolicy-Redirect-ssl-00008
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -223,8 +223,8 @@ ProxyPolicy-Redirect-ssl-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -239,7 +239,7 @@ ProxyPolicy-Redirect-ssl-00009
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -266,8 +266,8 @@ ProxyPolicy-Redirect-ssl-00010
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -284,7 +284,7 @@ ProxyPolicy-Redirect-ssl-00010
|
||||
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -311,8 +311,8 @@ ProxyPolicy-Redirect-ssl-00011
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -323,7 +323,7 @@ ProxyPolicy-Redirect-ssl-00011
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -350,8 +350,8 @@ ProxyPolicy-Redirect-ssl-00012
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -366,7 +366,7 @@ ProxyPolicy-Redirect-ssl-00012
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_body_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Proxy_Policy
|
||||
Library OperatingSystem #Test Setup | Login | #Test Teardown | Logout
|
||||
Resource ../../03-Variable/bifangapivariable.txt
|
||||
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
|
||||
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource | log-3.robot
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../03-Variable/AllFlowCaseVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${PolicyIds} ${EMPTY}
|
||||
@@ -18,7 +18,7 @@ ProxyPolicy-Replace-http-00001
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*zhu.com","subObjectIds":[],"addItemList":[{"keywordArray":["*zhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -29,7 +29,7 @@ ProxyPolicy-Replace-http-00001
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -53,7 +53,7 @@ ProxyPolicy-Replace-http-00002
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00002_fqdn","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ya.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -64,7 +64,7 @@ ProxyPolicy-Replace-http-00002
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -88,7 +88,7 @@ ProxyPolicy-Replace-http-00003
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*cn.com","subObjectIds":[],"addItemList":[{"keywordArray":["*cn.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -99,7 +99,7 @@ ProxyPolicy-Replace-http-00003
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
@@ -122,7 +122,7 @@ ProxyPolicy-Replace-http-00004
|
||||
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*room.com","subObjectIds":[],"addItemList":[{"keywordArray":["*room.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_FQDN_Id}
|
||||
#创建安全策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除安全策略
|
||||
@@ -133,7 +133,7 @@ ProxyPolicy-Replace-http-00004
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
|
||||
#创建管控策略
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
|
||||
log ${policyId3}
|
||||
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
|
||||
|
||||
Reference in New Issue
Block a user