Mitre published another awesome framework called d3fend.mitre.org
It is using the att&ck framework but from a defenders perspective :-)
Confluence behind LoadBalancer with another domain results in XSRF error
If you have an atlassian confluence running, which is published by a loadbalancer or reverse proxy using another domain, you might run into an XSRF error.
Example
Confluence FQDN: somehostname.domain.tld
LoadBalancer Confluence FQDN: confluence.domain.tld
Some actions like uploading your profile picture (https://confluence.domain.tld/users/profile/editmyprofilepicture.action) do not work. You'll receive an generic error from the confluence page (see red box of the screenshot below). If you check the HTTP Header response, you'll see XSRF check failed. It is caused by the confluence cross site request forgery (CSRF) protection.
Solution
Edit confluence
server.xml and add the FQDN from the LoadBalancer or reverse proxy.More information can be found here: https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html
Subscribe to:
Posts (Atom)
Azure Managed Identities (technical service accounts)
Explaination Azure Managed Identities = technical service accounts Password is automatically managed, as it was the case in managed service ...
-
Howto add a route with a specific interface into the windows routing-table. This can be useful for example if you have a tunnel-all vpn... -
If you are running a Windows Server 2016, are using the integrated Windows Server Backup utility and you want to save the backup to a remote... -
You can either use the GUI of the FortiGate to list all certificates, or use the CLI. Either using the commands: Using the "get...