Snort Config: PCRE Matching across TCP Packets - regex

I am working with my Security Onion, and at the moment all the longer PCREs are not working, because the rules and the regex are not applied to the TCP stream but only to single packets.
My Snort.conf should have everything enabled:
# Target-based IP defragmentation. For more inforation, see README.frag3
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
# Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp no, \
max_tcp 262144, \
max_udp 131072, \
max_active_responses 2, \
min_response_seconds 5
preprocessor stream5_tcp: log_asymmetric_traffic no, policy windows, \
detect_anomalies, require_3whs 180, \
overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \
161 445 513 514 587 593 691 1433 1521 1741 2100 3306 6070 6665 6666 6667 6668 6669 \
7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
ports both 80 81 311 383 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7907 7000 7001 7144 7145 7510 7802 7777 7779 \
7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
7917 7918 7919 7920 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
preprocessor stream5_udp: timeout 180
Now I got a node.js server up with a simple XML file (I made it a little bit shorter):
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost:8080/sp/saml/index.html"
ID="_28940080d39ea1191d9910414147f372"
InResponseTo="_15b217492a05e534df8539c7a84014cd"
IssueInstant="2018-07-24T16:04:13.830Z" Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">eLearning SAML SSO IdP</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion ID="_evil_assertion_ID"
IssueInstant="2018-07-24T16:04:13.831Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer>eLearning SAML SSO IdP</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">xmluser</saml2:NameID>
[..........................]
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
A rule matching only the content:"saml2p:response" or a small regex like pcre:"/saml2p:Response/smi" is working without problem, but a rule with a longer regex is not matching the pattern.
I made my rule as generic as possible:
alert tcp any any -> any any (msg:"ET WEB_SERVER SAML XSW3 Attack, Possible Signature Wrapping Attack v15"; pcre:"/saml2p:Response.*?/saml2p:Response/smi"; reference:url,https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf; classtype:web-application-attack; sid:200000120; rev:1;)
edit: I have also tried this rule with all versions of flow:from_server,established; (to_server, from_client, to_client). None of them is working for me. But when I cut down the xml to a size which fits in one packet, all rules are firing!
The regex pcre:"/saml2p:Response.*?/saml2p:Response/smi" should match everything from the first response tag to the closing response tag, but whenever it is split across different TCP packets the regex is not matching.
Am I missing anything?
Thanks for your help!
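Added illustration, not part of the original post and not Snort's own code: the sketch below applies the rule's regex to each TCP segment separately and then to the reassembled byte stream, using a constructed, shortened SAML response. The segment size, sequence numbers and function names are assumptions made for the example.

```python
import re

# Regex from the rule in the post; Snort's /smi modifiers map to these flags.
XSW_RE = re.compile(rb"saml2p:Response.*?/saml2p:Response", re.S | re.M | re.I)

# Constructed sample: a shortened SAML response, larger than one segment.
SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<saml2p:Response ID="_constructed" Version="2.0">'
    b'<saml2p:Status><saml2p:StatusCode '
    b'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>'
    b'<saml2:Assertion ID="_evil_assertion_ID">'
    b'<saml2:Issuer>eLearning SAML SSO IdP</saml2:Issuer></saml2:Assertion>'
    b'</saml2p:Response>'
)
ISN = 1000  # assumed sequence number of the first payload byte


def segment(payload, mss=100, isn=ISN):
    """Split a payload into (sequence_number, data) TCP-like segments."""
    return [(isn + off, payload[off:off + mss])
            for off in range(0, len(payload), mss)]


def per_packet_hits(segments):
    """Match every segment on its own, as inspection without reassembly does."""
    return [seq for seq, data in segments if XSW_RE.search(data)]


def reassemble(segments, isn=ISN):
    """Rebuild the byte stream: order by sequence number, drop retransmitted
    bytes, and stop at the first hole (nothing after a gap is contiguous)."""
    stream = bytearray()
    next_seq = isn
    for seq, data in sorted(segments):
        if seq > next_seq:           # missing bytes before this segment
            break
        skip = next_seq - seq        # bytes of this segment we already hold
        if skip < len(data):
            stream += data[skip:]
            next_seq = seq + len(data)
    return bytes(stream)


def stream_hit(segments, isn=ISN):
    """Match the regex once over the reassembled stream."""
    return XSW_RE.search(reassemble(segments, isn)) is not None


if __name__ == "__main__":
    segs = segment(SAMPLE)
    # Out-of-order delivery plus one retransmitted segment.
    shuffled = list(reversed(segs)) + [segs[1]]
    print("segments:", len(segs))
    print("per-packet hits:", per_packet_hits(shuffled))
    print("stream hit:", stream_hit(shuffled))
```

The opening and closing tags land in different segments, so no single segment satisfies the pattern while the reassembled stream does. A sensor that inspects reassembled data in bounded chunks can still miss a pattern that straddles two chunks.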

Related

Istio proxy log format

The Istio documentation provides a sample istio-proxy log, as below:
[2019-03-06T09:31:27.354Z] "GET /status/418 HTTP/1.1" 418 - "-" 0 135 11 10 "-" "curl/7.60.0" "d209e46f-9ed5-9b61-bbdd-43e22662702a" "httpbin:8000" "172.30.146.73:80" outbound|8000||httpbin.default.svc.cluster.local - 172.21.13.94:8000 172.30.146.82:60290 -
The linked Envoy documentation mentions that the log format is as follows:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%"
%RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION%
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%"
"%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
example from Envoy:
[2016-04-15T20:17:00.310Z] "POST /api/v1/locations HTTP/2" 204 - 154 0 226 100 "10.0.35.28"
"nsq2http" "cc21d9b0-cf5c-432b-8c7e-98aeb7988cd2" "locations" "tcp://10.0.2.1:80"
This format is different than the one used by istio-proxy.
The documentation seems out of sync with the Envoy documentation as the provided sample log cannot be mapped to the Envoy default logged format. What is the log format here? What is being logged?
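Added example, not from the original post or from the Istio or Envoy projects: it aligns each sample line quoted above against the Envoy format string quoted above and reports where a line stops fitting. The tokenizer (bracketed, quoted or bare fields) and all function names are assumptions made for the example.

```python
import re

# Envoy default format as quoted in the post (line breaks joined, trailing \n dropped).
ENVOY_FORMAT = (
    '[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" '
    '%RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% '
    '%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" '
    '"%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"'
)

# Sample lines copied from the post.
ENVOY_SAMPLE = (
    '[2016-04-15T20:17:00.310Z] "POST /api/v1/locations HTTP/2" 204 - 154 0 226 100 '
    '"10.0.35.28" "nsq2http" "cc21d9b0-cf5c-432b-8c7e-98aeb7988cd2" "locations" '
    '"tcp://10.0.2.1:80"'
)
ISTIO_SAMPLE = (
    '[2019-03-06T09:31:27.354Z] "GET /status/418 HTTP/1.1" 418 - "-" 0 135 11 10 "-" '
    '"curl/7.60.0" "d209e46f-9ed5-9b61-bbdd-43e22662702a" "httpbin:8000" '
    '"172.30.146.73:80" outbound|8000||httpbin.default.svc.cluster.local - '
    '172.21.13.94:8000 172.30.146.82:60290 -'
)

# A token is a [bracketed] field, a "quoted" field or a bare run of non-spaces.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')


def kind(token):
    """Classify a token by its delimiters."""
    if token[0] == "[":
        return "bracket"
    if token[0] == '"':
        return "quoted"
    return "bare"


def align(line, fmt=ENVOY_FORMAT):
    """Pair log tokens with format fields, stopping at the first field whose
    quoting differs from what the format string prescribes."""
    fields = TOKEN.findall(fmt)
    tokens = TOKEN.findall(line)
    result = {
        "mapped": {},
        "mismatch": None,
        "extra_tokens": max(0, len(tokens) - len(fields)),
        "missing_fields": max(0, len(fields) - len(tokens)),
    }
    for index, (field, token) in enumerate(zip(fields, tokens)):
        if kind(field) != kind(token):
            result["mismatch"] = (index, field, token)
            break
        result["mapped"][field.strip('[]"')] = token.strip('[]"')
    return result


if __name__ == "__main__":
    for name, line in (("envoy", ENVOY_SAMPLE), ("istio", ISTIO_SAMPLE)):
        report = align(line)
        print(name, "mismatch:", report["mismatch"],
              "extra tokens:", report["extra_tokens"])
```

The Envoy sample maps onto all 13 fields, while the istio-proxy sample diverges at the fifth token and carries six tokens more than the format defines.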

Problem Setting Up Hyperledger Fabric on Multiple Hosts

I am trying to set up Hyperledger Fabric on multiple hosts using different AWS EC2 instances. I am having a problem setting up the peer on the second instance.
I have been following the guide in this medium article:
https://medium.com/#wahabjawed/hyperledger-fabric-on-multiple-hosts-a33b08ef24f
I got as far as step 6 under Setting Up the Network which sets up a peer on the second instance.
I used this command:
docker run --rm -it --network="my-net" --link orderer.example.com:orderer.example.com --link peer0.org1.example.com:peer0.org1.example.com --name peer1.org1.example.com -p 9051:7051 -p 9053:7053 -e CORE_LEDGER_STATE_STATEDATABASE=CouchDB -e CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1:5984 -e CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME= -e CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD= -e CORE_PEER_ADDRESSAUTODETECT=true -e CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock -e FABRIC_LOGGING_SPEC=DEBUG -e CORE_PEER_NETWORKID=peer1.org1.example.com -e CORE_NEXT=true -e CORE_PEER_ENDORSER_ENABLED=true -e CORE_PEER_ID=peer1.org1.example.com -e CORE_PEER_PROFILE_ENABLED=true -e CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer.example.com:7050 -e CORE_PEER_GOSSIP_ORGLEADER=true -e CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051 -e CORE_PEER_GOSSIP_IGNORESECURITY=true -e CORE_PEER_LOCALMSPID=Org1MSP -e CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=my-net -e CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 -e CORE_PEER_GOSSIP_USELEADERELECTION=false -e CORE_PEER_TLS_ENABLED=false -v /var/run/:/host/var/run/ -v $(pwd)/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp -w /opt/gopath/src/github.com/hyperledger/fabric/peer hyperledger/fabric-peer peer node start
And it resulted in this error:
2019-04-24 20:06:29.798 UTC [msp] getSigningIdentityFromConf -> DEBU 036 Could not find SKI [8d25ff0a9c02de411acf743e7a6577fac0573d0d2561f988fb2305be74918de7], trying KeyMaterial field: Key with SKI 8d25ff0a9c02de411acf743e7a6577fac0573d0d2561f988fb2305be74918de7 not found in /etc/hyperledger/fabric/msp/keystore
Failed getting key for SKI [[141 37 255 10 156 2 222 65 26 207 116 62 122 101 119 250 192 87 61 13 37 97 249 136 251 35 5 190 116 145 141 231]]
github.com/hyperledger/fabric/bccsp/sw.(*CSP).GetKey
/opt/gopath/src/github.com/hyperledger/fabric/bccsp/sw/impl.go:170
github.com/hyperledger/fabric/msp.(*bccspmsp).getSigningIdentityFromConf
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimpl.go:181
github.com/hyperledger/fabric/msp.(*bccspmsp).setupSigningIdentity
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:267
github.com/hyperledger/fabric/msp.(*bccspmsp).preSetupV1
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:413
github.com/hyperledger/fabric/msp.(*bccspmsp).setupV1
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:373
github.com/hyperledger/fabric/msp.(*bccspmsp).setupV1-fm
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimpl.go:112
github.com/hyperledger/fabric/msp.(*bccspmsp).Setup
/opt/gopath/src/github.com/hyperledger/fabric/msp/mspimpl.go:225
github.com/hyperledger/fabric/msp/cache.(*cachedMSP).Setup
/opt/gopath/src/github.com/hyperledger/fabric/msp/cache/cache.go:88
github.com/hyperledger/fabric/msp/mgmt.LoadLocalMspWithType
/opt/gopath/src/github.com/hyperledger/fabric/msp/mgmt/mgmt.go:32
github.com/hyperledger/fabric/peer/common.InitCrypto
/opt/gopath/src/github.com/hyperledger/fabric/peer/common/common.go:143
github.com/hyperledger/fabric/peer/common.InitCmd
/opt/gopath/src/github.com/hyperledger/fabric/peer/common/common.go:309
github.com/hyperledger/fabric/vendor/github.com/spf13/cobra.(*Command).execute
/opt/gopath/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:746
github.com/hyperledger/fabric/vendor/github.com/spf13/cobra.(*Command).ExecuteC
/opt/gopath/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:852
github.com/hyperledger/fabric/vendor/github.com/spf13/cobra.(*Command).Execute
/opt/gopath/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:800
main.main
/opt/gopath/src/github.com/hyperledger/fabric/peer/main.go:53
runtime.main
/opt/go/src/runtime/proc.go:201
runtime.goexit
/opt/go/src/runtime/asm_amd64.s:1333
2019-04-24 20:06:29.798 UTC [main] InitCmd -> ERRO 037 Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: KeyMaterial not found in SigningIdentityInfo
I have tried searching for a solution but wasn't able to find anything. I have little experience with Fabric. Any ideas?

happy base integration not working with hbase

I am able to connect with my hbase
connection = happybase.Connection(host='node-04',port=16000)
table = connection.table('test')
These 2 commands work without any error, but when I run the command below I get the following error:
print connection.tables()
error
Traceback (most recent call last)
<ipython-input-49-de0848d7286f> in <module>()
----> 1 print connection.tables()
/root/anaconda2/lib/python2.7/site-packages/happybase/connection.pyc in tables(self)
236 :rtype: List of strings
237 """
--> 238 names = self.client.getTableNames()
239
240 # Filter using prefix, and strip prefix from names
/root/anaconda2/lib/python2.7/site-packages/happybase/hbase/Hbase.pyc in getTableNames(self)
815 #return returns a list of names
816 """
--> 817 self.send_getTableNames()
818 return self.recv_getTableNames()
819
/root/anaconda2/lib/python2.7/site-packages/happybase/hbase/Hbase.pyc in send_getTableNames(self)
823 args.write(self._oprot)
824 self._oprot.writeMessageEnd()
--> 825 self._oprot.trans.flush()
826
827 def recv_getTableNames(self, ):
/root/anaconda2/lib/python2.7/site-packages/thrift/transport/TTransport.pyc in flush(self)
172 # reset wbuf before write/flush to preserve state on underlying failure
173 self.__wbuf = StringIO()
--> 174 self.__trans.write(out)
175 self.__trans.flush()
176
/root/anaconda2/lib/python2.7/site-packages/thrift/transport/TSocket.pyc in write(self, buff)
128 have = len(buff)
129 while sent < have:
--> 130 plus = self.handle.send(buff)
131 if plus == 0:
132 raise TTransportException(type=TTransportException.END_OF_FILE,
error: [Errno 32] Broken pipe
I am using Hbase version:1.1.2.2.3.4.0-3485
Please help if you can suggest any package which I can use to code for hbase using python
happybase requires you to connect to the thrift daemon, which you need to start on your hbase cluster. happybase does not connect to hbase nodes directly.
Judging from the port number, you are not connecting to thrift (uses port 9090 by default) but to the hbase master. This is not how happybase works.

Making New Directory with libcurl

I have been tinkering with libcurl and so far it's nice. I have a few things that are really confusing me. I need to create a directory on a remote server, and here are the problems:
What do I pass in CURLOPT_URL? Is it a root URL or the full one with the directory?
I want a ripple effect when creating a directory; that is, if I have the directory /abc/def/ghi, then they should be created if they do not exist. I have tried CURLOPT_FTP_CREATE_MISSING_DIRS, but it does not work.
I tried MKD; it fails and I cannot say for sure why. Below are the relevant code and the log from the app.
CODE
CURL* handle = curl_easy_init();
SetHandleOptions(handle); //set options
CURLcode res;
wxString uploadUrl =....;//full URL with path like ftp.xyz.com/public_html/dir1/
wxString command1 = "MKD "+uploadUrl;
wxString command2 = "CWD "+uploadUrl;
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, command1.c_str());
headers = curl_slist_append(headers, command2.c_str());
curl_easy_setopt(handle, CURLOPT_QUOTE, headers);
const char* uploadUrlStr = uploadUrl.c_str();
if(handle)
{
    //do file upload here
    /* upload to this place */
    curl_easy_setopt(handle, CURLOPT_URL, uploadUrlStr);
    /* enable verbose for easier tracing */
    curl_easy_setopt(handle, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(handle, CURLOPT_FTP_CREATE_MISSING_DIRS, 1L);
    curl_easy_setopt(handle, CURLOPT_QUOTE, headers);
    res = curl_easy_perform(handle);
    if(res==CURLE_OK)
    {
        SendMessage(_("Successfully Created Directory: ")+uploadUrl, HERROR_TYPE_WARNING);
    }
    else
    {
        //send error message
        wxString str(curl_easy_strerror(res));
        SendMessage(str);
    }
    /* always cleanup */
    curl_easy_cleanup(handle);
}
else
{
    SendMessage(_("Could Not Connect to Server: Invalid Handle"), HERROR_TYPE_CRITICAL);
}
curl_slist_free_all(headers);
LOG
----------Wed Dec 18 01:33:15 2013----------
Changing Directory to / [01:33:20]
Successfully logged In [01:33:21]
No error [01:33:24]
Starting Files List Fetching... [01:33:24]
No error [01:33:26]
[01:33:32]
IDN support not present, can't parse Unicode domains
[01:33:32]
About to connect() to ftp.hosanna.site40.net port 21 (#2)
[01:33:33]
Trying 31.170.162.203...
[01:33:33]
Adding handle: conn: 0x7fffd0013110
[01:33:33]
Adding handle: send: 0
[01:33:33]
Adding handle: recv: 0
[01:33:33]
Curl_addHandleToPipeline: length: 1
[01:33:33]
- Conn 2 (0x7fffd0013110) send_pipe: 1, recv_pipe: 0
[01:33:33]
[01:33:33]
[01:33:33]
Closing connection 3
[01:33:33]
Couldn't resolve host name [01:33:33]
Connected to ftp.hosanna.site40.net (31.170.162.203) port 21 (#2)
[01:33:34]
220---------- Welcome to Pure-FTPd [privsep] ----------
220-You are user number 9 of 500 allowed.
220-Local time is now 17:33. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
220-You are user number 9 of 500 allowed.
220-Local time is now 17:33. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
220-Local time is now 17:33. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
USER xxxxxx
[01:33:35]
331 User xxxxxx OK. Password required
tes of inactivity.
-You are user number 9 of 500 allowed.
220-Local time is now 17:33. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:35]
PASS xxxxxx
[01:33:35]
230-OK. Current restricted directory is /
230-124 files used (1%) - authorized: 10000 files
230 3051 Kbytes used (0%) - authorized: 1536000 Kb
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:36]
230-124 files used (1%) - authorized: 10000 files
230 3051 Kbytes used (0%) - authorized: 1536000 Kb
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:36]
230 3051 Kbytes used (0%) - authorized: 1536000 Kb
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:36]
PWD
[01:33:36]
257 "/" is your current location
ized: 1536000 Kb
files used (1%) - authorized: 10000 files
230 3051 Kbytes used (0%) - authorized: 1536000 Kb
[01:33:37]
Entry path is '/'
[01:33:37]
MKD ftp://ftp.hosanna.site40.net/public_html/Zulu names and meanings
[01:33:37]
ftp_perform ends with SECONDARY: 0
[01:33:37]
550-Can't create directory: No such file or directory
550-124 files used (1%) - authorized: 10000 files
550 3051 Kbytes used (0%) - authorized: 1536000 Kb
a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:37]
550-124 files used (1%) - authorized: 10000 files
550 3051 Kbytes used (0%) - authorized: 1536000 Kb
a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:37]
550 3051 Kbytes used (0%) - authorized: 1536000 Kb
a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
[01:33:37]
QUOT command failed with 550
[01:33:37]
Closing connection 2
[01:33:37]
Quote command returned error [01:33:37]
Make sure the paths are in the form of /public_html/somedir, not ftp://ftp.somesite.com/public_html/somedir
That is what was going wrong with my code. So I resolved it by removing the URL. I believe there should be a section on libcurl explaining the expected URL format. I will contribute that once I fully grasp it!

The page cannot be displayed because an internal server error has occurred

I have a site deployed on azure with django. I have been working on the site for about 6 months and it was working fine. Today all of a sudden the site is not working any more.
The only output I am getting is - "The page cannot be displayed because an internal server error has occurred."
I have the same django code working perfectly on localhost. My azure account has 2 django sites running. Each site is deployed from 2 separate branches from a git repo. Both of them are down.
I tried deploying earlier deployments on azure. It is still showing the same error.
I have also tried setting debug to true on production server. Same results. It seems django is not even being loaded.
My azure account shows a lot of "html server error", when I check under the monitor tab for the site.
What is the problem and how do I solve it? Is it a django not loading problem or an azure problem? How do I debug this?
Edit - error log from ftp - logfiles/http/rawlogs
# date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2013-07-19 13:20:30 MAKEYSTREET GET /robots.txt X-ARR-LOG-ID=dbb6383f-5342-4fe4-a419-e3f5f373a8f8 80 - 66.249.74.139 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.makeystreet.com 500 0 0 245 416 3484
2013-07-19 13:34:28 MAKEYSTREET GET / X-ARR-LOG-ID=b4c37c5c-46b3-4ff5-9ae7-e0f18f04b404 80 - 10.21.91.242 Mozilla/5.0+(X11;+Linux+i686)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Ubuntu+Chromium/28.0.1500.52+Chrome/28.0.1500.52+Safari/537.36 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=6c2bf64764594b7ca90e2b539b89b9e6;+sessionid=rhvhu9ibb814v1vwqe3nahkkt1lw0yvu;+csrftoken=gO1x5Vm6kzDRKhmbyjbUuVqWKLUjW3Qy;+_ga=GA1.2.1129966823.1374156576 - makeystreet.com 500 0 0 269 897 3546
2013-07-19 13:34:28 MAKEYSTREET GET /favicon.ico X-ARR-LOG-ID=d918daf9-815e-4ef7-8360-525c9c31506c 80 - 10.21.91.242 Mozilla/5.0+(X11;+Linux+i686)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Ubuntu+Chromium/28.0.1500.52+Chrome/28.0.1500.52+Safari/537.36 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=6c2bf64764594b7ca90e2b539b89b9e6;+sessionid=rhvhu9ibb814v1vwqe3nahkkt1lw0yvu;+csrftoken=gO1x5Vm6kzDRKhmbyjbUuVqWKLUjW3Qy;+_ga=GA1.2.1129966823.1374156576 - makeystreet.com 500 0 0 269 864 93
2013-07-19 14:04:47 MAKEYSTREET GET /robots.txt X-ARR-LOG-ID=1b516136-4a39-4543-b9a4-540ce1fce959 80 - 66.249.74.139 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.makeystreet.com 500 0 0 245 416 3515
2013-07-19 14:05:54 MAKEYSTREET GET / X-ARR-LOG-ID=7dc870f8-a7d4-4701-8b75-042789a362cf 80 - 122.166.237.111 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 - - www.makeystreet.com 500 0 0 245 440 187
2013-07-19 14:05:54 MAKEYSTREET GET /favicon.ico X-ARR-LOG-ID=64681a43-c47e-4aea-982d-bd3dace9b19e 80 - 122.166.237.111 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=2e0ff00f9fd84e28ac6b757c93b43b23 - www.makeystreet.com 500 0 0 245 595 62
2013-07-19 14:06:10 MAKEYSTREET GET / X-ARR-LOG-ID=db1870ec-3b2a-4449-ac13-05ab67ffa212 80 - 122.166.237.111 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=2e0ff00f9fd84e28ac6b757c93b43b23 - www.makeystreet.com 500 0 0 245 573 109
2013-07-19 14:21:55 MAKEYSTREET GET / X-ARR-LOG-ID=4e72fbec-ff2e-4068-b9fe-0a536718e8c7 80 - 10.21.91.242 Mozilla/5.0+(X11;+Linux+i686)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Ubuntu+Chromium/28.0.1500.52+Chrome/28.0.1500.52+Safari/537.36 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=6c2bf64764594b7ca90e2b539b89b9e6;+sessionid=rhvhu9ibb814v1vwqe3nahkkt1lw0yvu;+csrftoken=gO1x5Vm6kzDRKhmbyjbUuVqWKLUjW3Qy;+_ga=GA1.2.1129966823.1374156576 - makeystreet.com 500 0 0 245 887 3515
2013-07-19 14:21:56 MAKEYSTREET GET /favicon.ico X-ARR-LOG-ID=ee05ce88-08cc-4837-94a4-4ef0326a46be 80 - 10.21.91.242 Mozilla/5.0+(X11;+Linux+i686)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Ubuntu+Chromium/28.0.1500.52+Chrome/28.0.1500.52+Safari/537.36 ARRAffinity=cf6d46f9fadcc9b088669ec23467baf056a50376566d6aacdbea46e06b6acfa5;+WAWebSiteSID=6c2bf64764594b7ca90e2b539b89b9e6;+sessionid=rhvhu9ibb814v1vwqe3nahkkt1lw0yvu;+csrftoken=gO1x5Vm6kzDRKhmbyjbUuVqWKLUjW3Qy;+_ga=GA1.2.1129966823.1374156576 - makeystreet.com 500 0 0 269 864 124