Setting the Default Action for a Responder Policy

January 23, 2019

Contributed by: C

The Citrix ADC appliance generates an undefined event (UNDEF event) when a request does not match a responder policy, and then carries out the default action assigned to undefined events. By default, that action is to forward the request to the next feature without changing it. This default behavior is normally what you want; it ensures that requests that do not require special handling by a specific responder action are sent to your Web servers and clients receive access to the content that they requested.

If the Web site(s) your Citrix ADC appliance protects receive a significant number of invalid or malicious requests, however, you may want to change the default action to either reset the client connection or drop the request. In this type of configuration, you would write one or more responder policies that would match any legitimate requests, and simply redirect those requests to their original destinations. Your Citrix ADC appliance would then block any other requests as specified by the default action you configured.

You can assign any one of the following actions to an undefined event:

NOOP

The NOOP action aborts responder processing but does not alter the packet flow. This means that the appliance continues to process requests that do not match any responder policy, and eventually forwards them to the requested URL unless another feature intervenes and blocks or redirects the request. This action is appropriate for normal requests to your Web servers and is the default setting.

RESET

If the undefined action is set to RESET, the appliance resets the client connection, informing the client that it must re-establish its session with the Web server. This action is appropriate for repeat requests for Web pages that do not exist, or for connections that might be attempts to hack or probe your protected Web site(s).

DROP

If the undefined action is set to DROP, the appliance silently drops the request without responding to the client in any way. This action is appropriate for requests that appear to be part of a DDoS attack or other sustained attack on your servers.

Note: UNDEF events are triggered only for client requests. No UNDEF events are triggered for responses.

To set the undefined action by using the Citrix ADC command line:

At the command prompt, type the following command to set the undefined action and verify the configuration:

set responder param -undefAction (RESET DROP NOOP)
show responder param

Example:

>set responder param -undefAction RESET
 Done
> show responder param
        Action Name: RESET
 Done
>

To set the undefined action by using the GUI:

Navigate to AppExpert > Responder, and then under Settings, click the **Change Responder Settings **link.
In the Set Responder Params dialog box, under Global Undefined-Result Action, select NOOP, RESET, or DROP.
Click OK. A message appears in the status bar, stating that the Responder Parameters have been configured.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Edit this article

Setting the Default Action for a Responder Policy

January 23, 2019

Contributed by: C

Setting the Default Action for a Responder Policy

Setting the Default Action for a Responder Policy

In this article