alert http any any -> $HOME_NET any (msg:"ET INFO Liferay JSON Web Services Invoker"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/api/jsonws/invoke"; http.content_type; content:"application/json"; reference:url,codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html; classtype:misc-activity; sid:2031503; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2021_01_08, deployment Perimeter, confidence High, signature_severity Informational, updated_at 2026_01_20;)