In AppExpert
In Citrix ADC 12.1
In Citrix ADC
In All products
Product Documentation
In AppExpert
In Citrix ADC 12.1
In Citrix ADC
In All products
Citrix ADC 12.1 Citrix ADC 13.0
View PDF

Setting the Default Action for a Responder Policy

January 23, 2019
Contributed by:  C

The Citrix ADC appliance generates an undefined event (UNDEF event) when a request does not match a responder policy, and then carries out the default action assigned to undefined events. By default, that action is to forward the request to the next feature without changing it. This default behavior is normally what you want; it ensures that requests that do not require special handling by a specific responder action are sent to your Web servers and clients receive access to the content that they requested.

If the Web site(s) your Citrix ADC appliance protects receive a significant number of invalid or malicious requests, however, you may want to change the default action to either reset the client connection or drop the request. In this type of configuration, you would write one or more responder policies that would match any legitimate requests, and simply redirect those requests to their original destinations. Your Citrix ADC appliance would then block any other requests as specified by the default action you configured.

You can assign any one of the following actions to an undefined event:

  • NOOP

    The NOOP action aborts responder processing but does not alter the packet flow. This means that the appliance continues to process requests that do not match any responder policy, and eventually forwards them to the requested URL unless another feature intervenes and blocks or redirects the request. This action is appropriate for normal requests to your Web servers and is the default setting.

  • RESET

    If the undefined action is set to RESET, the appliance resets the client connection, informing the client that it must re-establish its session with the Web server. This action is appropriate for repeat requests for Web pages that do not exist, or for connections that might be attempts to hack or probe your protected Web site(s).

  • DROP

    If the undefined action is set to DROP, the appliance silently drops the request without responding to the client in any way. This action is appropriate for requests that appear to be part of a DDoS attack or other sustained attack on your servers.

Note: UNDEF events are triggered only for client requests. No UNDEF events are triggered for responses.

To set the undefined action by using the Citrix ADC command line:

At the command prompt, type the following command to set the undefined action and verify the configuration:

  • set responder param -undefAction (RESET DROP NOOP)
  • show responder param

Example:

>set responder param -undefAction RESET
 Done
> show responder param
        Action Name: RESET
 Done
>

To set the undefined action by using the GUI:

  1. Navigate to AppExpert > Responder, and then under Settings, click the **Change Responder Settings **link.
  2. In the Set Responder Params dialog box, under Global Undefined-Result Action, select NOOP, RESET, or DROP.
  3. Click OK. A message appears in the status bar, stating that the Responder Parameters have been configured.

Setting the Default Action for a Responder Policy

January 23, 2019
Contributed by:  C

In this article

Edit this article