ADC

Use case - Binding Web App Firewall policy to a VPN virtual server

NetScaler provides a solution to protect multiple applications that are managed by the VPN virtual server. By binding application security policies to the VPN virtual server, you can protect all the applications behind it.

The following are the ways to deploy application security at a VPN virtual server:

  • Protect all the applications behind the VPN virtual server with a single Web App Firewall profile
  • Protect each application behind the VPN virtual server with a different Web App Firewall profile

Protect all the applications behind the VPN virtual server with a single Web App Firewall profile

To protect all your applications that are behind the VPN virtual server with a single Web App Firewall policy, you must create a Web App Firewall policy and bind it to a VPN virtual server.

Example:

A company hosts three critical applications - SAP, Workday, and Tally - on a VPN virtual server. As a network administrator, you decide to protect these applications against the OWASP Top 10 security risks.

To achieve this use case, perform the following operations:

  1. Create the Web App Firewall profile with appropriate checks for OWASP Top 10 security risks.

    add appfw profile pr-basic -crossSiteScriptingAction block -SQLInjectionAction block

    For more information on configuring OWASP Top 10 security risks, see Add security protection.

  2. Add the app firewall policy and associate that policy with the profile pr-basic.

    add appfw policy owasp_policy true pr-basic

  3. Bind the Web App Firewall policy to the VPN virtual server.

    bind appfw vpn vserver vserver10 -policy owasp_policy -priority 10

Protect each application behind the VPN virtual server with a different Web App Firewall profile

Each web application might need its own security checks, depending on its architecture (server, OS, JavaScript library, and so on). In such scenarios, you can configure multiple Web App Firewall policies.

Example:

A company hosts three critical applications (SAP, Workday, and Tally) behind a VPN virtual server. As a network administrator, you decide to create a unique Web App Firewall policy for optimal protection for each application.

To achieve this use case, perform the following operations:

  1. Create a profile for each application. Configure each profile with the security checks that the application needs.

    add appfw profile pr-basic1 -crossSiteScriptingAction block -SQLInjectionAction block
    add appfw profile pr-basic2 -crossSiteScriptingAction block -SQLInjectionAction block
    add appfw profile pr-basic3 -crossSiteScriptingAction block -SQLInjectionAction block

  2. Add the app firewall policies that are applicable for each application and associate the policy with the profile.

    add appfw policy sap_policy "HTTP.REQ.URL.CONTAINS(\"sap.com\")" pr-basic1
    add appfw policy workday_policy "HTTP.REQ.URL.CONTAINS(\"workday.com\")" pr-basic2
    add appfw policy tally_policy "HTTP.REQ.URL.CONTAINS(\"tally.com\")" pr-basic3

  3. Bind the created policies to the VPN virtual server vserver1.

    bind appfw vpn vserver vserver1 -policy sap_policy -priority 10
    bind appfw vpn vserver vserver1 -policy workday_policy -priority 20
    bind appfw vpn vserver vserver1 -policy tally_policy -priority 30
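
A pre-deployment consistency check for the commands in the steps above, as an added example that is not part of the NetScaler documentation. It parses only the three command forms shown on this page and reports stray tokens after a profile name, malformed policy lines, references to undefined policies or profiles, and reused priorities on one virtual server; the function name `lint` and the sample input are constructed for illustration.

```python
import shlex

# Constructed sample: this page's per-application commands with two deliberate
# mistakes (a space inside a profile name, and a reused priority).
SAMPLE = r'''
add appfw profile pr-basic1 -crossSiteScriptingAction block -SQLInjectionAction block
add appfw profile pr-basic2 -crossSiteScriptingAction block -SQLInjectionAction block
add appfw profile pr-basic 3 -crossSiteScriptingAction block -SQLInjectionAction block
add appfw policy sap_policy "HTTP.REQ.URL.CONTAINS(\"sap.com\")" pr-basic1
add appfw policy workday_policy "HTTP.REQ.URL.CONTAINS(\"workday.com\")" pr-basic2
add appfw policy tally_policy "HTTP.REQ.URL.CONTAINS(\"tally.com\")" pr-basic3
bind appfw vpn vserver vserver1 -policy sap_policy -priority 10
bind appfw vpn vserver vserver1 -policy workday_policy -priority 20
bind appfw vpn vserver vserver1 -policy tally_policy -priority 20
'''


def lint(config):
    """Return findings for the three command forms used on this page.

    Commands are checked in order, the way the CLI would execute them.
    """
    profiles, policies, used, findings = set(), {}, {}, []
    for line in filter(None, map(str.strip, config.splitlines())):
        tok = shlex.split(line)  # honours the quoted policy expression
        if tok[:3] == ["add", "appfw", "profile"] and len(tok) > 3:
            profiles.add(tok[3])
            if len(tok) > 4 and not tok[4].startswith("-"):
                findings.append(f"profile {tok[3]}: stray token {tok[4]!r} after name")
        elif tok[:3] == ["add", "appfw", "policy"]:
            if len(tok) != 6:  # expected: <name> <rule> <profile>
                findings.append(f"policy line has {len(tok) - 3} arguments, expected 3: {line}")
                continue
            policies[tok[3]] = tok[5]
        elif tok[:4] == ["bind", "appfw", "vpn", "vserver"] and len(tok) > 4:
            vserver, opts = tok[4], dict(zip(tok[5::2], tok[6::2]))
            policy, prio = opts.get("-policy"), opts.get("-priority")
            if policy not in policies:
                findings.append(f"{vserver}: policy {policy} is not defined")
            elif policies[policy] not in profiles:
                findings.append(f"{policy}: profile {policies[policy]} is not defined")
            if (vserver, prio) in used:
                findings.append(f"{vserver}: priority {prio} reused by {used[vserver, prio]} and {policy}")
            used[vserver, prio] = policy
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```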
