- NetScaler Web App Security Service
NetScaler Web App Security Service is a cloud-based Web Application Firewall (WAF) service that protects customers' web applications and infrastructure from cyber security attacks. It has historical retention capabilities for easy operation and incident analysis.
NetScaler Web App Security Service offers the following benefits:
1. Users can access this service through the Citrix Cloud interface. User authentication happens when a user connects to the Citrix Cloud service.
2. All user information, such as certificates and keys, is stored in a secure Citrix vault so that the certificates and keys are not left unencrypted.
NetScaler Web App Security Service is designed with industry best practices to achieve cloud scale and a high degree of service availability.
You can add Web App Security Service by contacting your Citrix sales representative or through a request form on Citrix Cloud.
To use NetScaler Web App Security Service:
1. After your subscription has been approved, go to https://netscalerappsecurity.cloud.com. Log in with your Citrix Cloud account user credentials. The following page is displayed. If you have purchased a license to use the service, the NetScaler Web App Security Service page is displayed as shown below.
2. Click Get Started. The NetScaler Web App Security Service Domains page is displayed.
3. Click Add. The Add Domain page is displayed. Enter the Name and Domain. Upload the SSL Certificate and SSL key files, for example, waf.cert and waf.key. Enter an SSL Pass Phrase and then click Create. The domain is added to the list of domains as shown below.
4. Select the newly created domain and click Edit to edit it.
5. Select the newly added domain and click Manage Applications. Ensure that you change the CNAME provided by the Web App Security service for the newly created domain. This changes the DNS record address for the CNAME. The IP address of the backend server is populated as shown below. Click Close.
6. Click Add to add an application. Add name and URL for the Application. Click Create and Close.
7. Select an application and click Security Service Profile. The Application Firewall profile information is displayed as shown in step a.
a) Application Security Service Profile General page:
8. Expand IP Reputation to verify that it is enabled by default.
9. Expand Security Checks page. Create security profiles.
a) Application Security Checks page:
10. On the Security Check page, edit the White List URLs and click OK.
a) Security Check Actions views:
i) URL Whitelist Settings:
ii) URL Blacklist Settings:
iii) Buffer Overflow Settings:
iv) Content-type Settings:
v) HTML Cross-Site Scripting Settings:
vi) HTML SQL Injection Settings:
b) Expand Profile Settings page. Create security profiles using the available options.
c) Expand Profile Signatures page. Signatures are not enabled by default.
d) Expand Relaxation Rules page. Create relaxation rules as required.
i) URL Whitelist Relaxation Rules:
ii) URL Blacklist Relaxation Rules:
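A pre-upload check for the certificate and key files from step 3 (waf.cert and waf.key), added here as an example and not part of the NetScaler documentation or tooling. The function names, the `WAF_KEY_PASS` environment variable, the return codes and the sample domain are assumptions, as is the expectation that the certificate should cover the domain entered in the Add Domain page.

```shell
#!/bin/sh
# Added example: verify waf.cert / waf.key locally before uploading them.
# The passphrase is read from $WAF_KEY_PASS (assumed name) so it never
# appears on a command line or in shell history.
# Return codes (assumed convention):
#   0 ok, 1 key unreadable or wrong passphrase, 2 certificate unreadable,
#   3 key does not belong to certificate, 4 certificate expired,
#   5 certificate does not cover the domain.
check_waf_upload() {
    cert=$1 key=$2 domain=$3
    # Decrypt the private key and derive its public half.
    key_pub=$(openssl pkey -in "$key" -passin env:WAF_KEY_PASS -pubout 2>/dev/null) || return 1
    # Extract the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # A mismatched pair would make the TLS handshake fail after upload.
    [ "$key_pub" = "$cert_pub" ] || return 3
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
    # -checkhost prints "does match" or "does NOT match" for the name.
    openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null \
        | grep -q 'does match' || return 5
    return 0
}

# Constructed sample material: a throwaway self-signed pair with an
# encrypted key, written to directory $1 for common name $2.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=$2" \
        -passout env:WAF_KEY_PASS \
        -keyout "$1/waf.key" -out "$1/waf.cert" 2>/dev/null
}

# Demo on constructed data (waf.example.test is a placeholder domain).
demo_dir=$(mktemp -d)
export WAF_KEY_PASS='constructed-demo-passphrase'
make_sample_pair "$demo_dir" waf.example.test
check_waf_upload "$demo_dir/waf.cert" "$demo_dir/waf.key" waf.example.test
echo "matching pair, correct domain: rc=$?"
check_waf_upload "$demo_dir/waf.cert" "$demo_dir/waf.key" other.example.test
echo "matching pair, wrong domain:   rc=$?"
rm -rf "$demo_dir"
```
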
The NetScaler Web Application Security solution integrates with the NetScaler MAS service to manage application security in NetScaler deployments, with rich analytics of application health and performance.
In the Web Application Security GUI, you can use the security insight feature to view the reports for applications configured for the domains from the domain list view.
To access the security insight feature:
In the Web Application Security GUI, click Security Insight.
You can view records for domains and applications by choosing one of the following: