Product Documentation

NetScaler Web App Security Service

Jul 17, 2017

NetScaler Web App Security Service is a cloud-based Web Application Firewall (WAF) service that protects customers’ web applications and infrastructure from cyber security attacks. It has historical retention capabilities for easy operation and incident analysis.

Features and Benefits

NetScaler Web App Security Service offers the following benefits:

  • Comprehensive Security: It protects against web application attacks using checks for SQL injection and cross-site scripting, blacklisted and whitelisted URLs/applications, signatures, IP reputation, and more.
  • Fast Deployment: Click & Protect: fewer than 5 clicks from first-time login to protection. The service configuration is application- and service-centric.
  • Ease of Use: It is quick and easy to deploy, manage, and report using a simplified GUI.
  • Lower operational expenses: The service is managed by Citrix, saving administration and on-premises equipment costs.

Getting Started with NetScaler Web App Security Service

    1.  Users can access this service through the Citrix Cloud interface. User authentication happens when a user connects to the Citrix Cloud service.

    2.  All user information, such as certificates/keys, is stored in a secure Citrix vault so that the certificates/keys are not left unencrypted.

 

Service Level Goal

NetScaler Web App Security Service is designed with industry best practices to achieve cloud scale and a high degree of service availability.

How to Register for NetScaler Web App Security Service

You can add Web App Security Service by contacting your Citrix sales representative or through a request form on Citrix Cloud.

 

How to use NetScaler Web App Security Service

To use NetScaler Web App Security Service:

    1.  After your subscription has been approved, go to https://netscalerappsecurity.cloud.com. Log in with your Citrix Cloud account user credentials. The following page is displayed. If you have purchased a license to use the service, the NetScaler Web App Security Service page is displayed as shown below.

    2.  Click Get Started. The NetScaler Web App Security Service Domains page is displayed.

    3.  Click Add. The Add Domain page is displayed. Enter the Name and Domain. Upload the SSL Certificate and SSL key files, for example, waf.cert and waf.key. Enter an SSL Pass Phrase and then click Create. The domain is added to the list of domains as shown below.

    4. Select the newly created domain and click Edit to edit it.

    5.  Select the newly added Domain and click Manage Applications. Ensure that you change the CNAME provided by the Web App Security service for the newly created domain. This changes the DNS record address for the CNAME. The IP address of the backend server is populated as shown below. Click Close.

    6.  Click Add to add an application. Enter a name and URL for the application. Click Create and Close.

    7.  Select an application and click Security Service Profile. The Application Firewall profile information is displayed as shown in step a.

        a)  Application Security Service Profile General page

    8.  Expand IP Reputation to verify that it is enabled by default.

    9.  Expand the Security Checks page. Create security profiles.

        a)  Application Security Checks page

    10.  On the Security Check page, edit the White List URLs and click OK.

        a)  Security Check Actions views:

            i)   URL Whitelist Settings
            ii)  URL Blacklist Settings
            iii) Buffer Overflow Settings
            iv)  Content-type Settings
            v)   HTML Cross-Site Scripting Settings
            vi)  HTML SQL Injection Settings

        b)  Expand the Profile Settings page. Create security profiles using the available options.

        c)  Expand the Profile Signatures page. Signatures are not enabled by default.

        d)  Expand the Relaxation Rules page. Create relaxation rules as required.

            i)   URL Whitelist Relaxation Rules
            ii)  URL Blacklist Relaxation Rules

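Before uploading the files in step 3, it helps to confirm locally that the pass phrase opens the key, that the key belongs to the certificate, and that the certificate covers the domain and is not close to expiry. The script below is an added example, not part of the Citrix documentation, and uses only the local `openssl` command. The function name `preflight_check`, the `WAF_PASS` variable, the return codes, the 30-day margin and the file name `preflight.sh` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: local checks on the certificate, key and pass phrase from
# step 3 before they are uploaded. Nothing here contacts the service.
# Usage: WAF_PASS='pass phrase' bash preflight.sh waf.cert waf.key www.example.com
# (www.example.com is a placeholder; preflight.sh is a hypothetical file name.)

MIN_DAYS_LEFT=30   # assumed margin; pick what your renewal process needs

# Return codes (assumed convention for this example):
#   0 ok             2 key unreadable or wrong pass phrase
#   3 bad cert file  4 key does not belong to the certificate
#   5 domain not covered by certificate   6 expires within MIN_DAYS_LEFT
preflight_check() {
  local cert key domain key_pub cert_pub
  cert=$1; key=$2; domain=$3

  # The pass phrase is handed to openssl through the environment so it does
  # not appear in the process argument list.
  key_pub=$(WAF_PASS="${WAF_PASS:-}" openssl pkey -in "$key" \
              -passin env:WAF_PASS -pubout 2>/dev/null) || return 2

  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3

  # Both commands emit the same SubjectPublicKeyInfo PEM when the pair matches.
  [ "$key_pub" = "$cert_pub" ] || return 4

  # -checkhost reports "does match" or "does NOT match" as text, so the
  # result is taken from the output rather than the exit status.
  openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
    grep -q 'does match certificate' || return 5

  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $((MIN_DAYS_LEFT * 86400)) \
    >/dev/null 2>&1 || return 6

  return 0
}

if [ "$#" -eq 3 ]; then
  rc=0
  preflight_check "$@" || rc=$?
  echo "preflight result: $rc"
  exit "$rc"
fi
```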

Using Security Insight in Web Application Security

The NetScaler Web Application Security solution integrates with the NetScaler MAS service and uses it to manage application security in NetScaler deployments, with rich analytics of application health and performance.

In the Web Application Security GUI, you can use the Security Insight feature to view reports for the applications configured for the domains in the domain list view.

To access the Security Insight feature:

In the Web Application Security GUI, click Security Insight.



You can view records for domains and applications by choosing one of the following:
