Web Application Firewall profile settings
Following are the profile settings that you must configure on the appliance.
At the command prompt, type:
add appfw profile <name> [-invalidPercentHandling <invalidPercentHandling>] [-checkRequestHeaders ( ON | OFF )] [-URLDecodeRequestCookies ( ON | OFF )] [-optimizePartialReqs ( ON | OFF )] [-errorURL <expression>]
Example:
add appfw profile profile1 -invalidPercentHandling secure_mode -checkRequestHeaders ON -URLDecodeRequestCookies OFF -optimizePartialReqs OFF
Where,
invalidPercentHandling. Configures how the appliance handles names and values that contain invalid percent-encoding.
Available settings function as follows:
asp_mode - Strips the invalid percent-encoded sequence and parses the remaining content. Example: curl -v "http://<vip>/forms/login.html?field=sel%zzect" -> The invalid percent-encoded character (%zz) is stripped off, and the rest of the content is inspected and acted on by the SQL injection check.
secure_mode - Detects the invalid percent-encoded value and ignores it. Example: curl -v "http://<vip>/forms/login.html?field=sel%zzect" -> The invalid percent-encoded character (%zz) is detected, counters are incremented, and the content is passed as is to the server.
apache_mode - This mode works similarly to secure mode.
Possible values: apache_mode, asp_mode, secure_mode
Default value: secure_mode
optimizePartialReqs. Without a safe object configured, the Citrix ADC appliance sends the partial request to the back-end server whether the setting is ON or OFF, and the partial response is sent back to the client. The setting is meaningful only when a safe object is configured: the appliance then requests the full response from the server when OFF, and only a partial response when ON.
Available settings are as follows:
ON - Partial requests by the client result in partial requests to the back-end server.
OFF - Partial requests by the client are changed to full requests to the back-end server.
Possible values: ON, OFF
Default value: ON
URLDecodeRequestCookies. URL Decode request cookies before subjecting them to SQL and cross-site scripting checks.
Possible values: ON, OFF
Default value: OFF
Signature Post Body Limit (Bytes). Limits the request payload (in bytes) inspected for signatures with the location specified as ‘HTTP_POST_BODY’.
Default value: 8096
Minimum value: 0
Maximum value: 4294967295
Post Body Limit (Bytes). Limits the request payload (in bytes) inspected by Web Application Firewall.
Default value: 20000000
Minimum value: 0
Maximum value: 10 GB
postBodyLimitAction. PostBodyLimit honors the error settings when you specify the maximum size of the HTTP body to be allowed. To honor the error settings, you must configure one or more post body limit actions. The configuration also applies to requests where the Transfer-Encoding header is chunked.
set appfw profile <profile_name> -PostBodyLimitAction block log stats
Where,
Block - Blocks a connection that violates the security check, based on the configured maximum size of the HTTP body (post body limit). The option must always be enabled.
Log - Log violations of this security check.
Stats - Generate statistics for this security check.
Note:
The log format for the post body limit action now follows the standard audit logging format, for example:
ns.log.4.gz:Jun 25 1.1.1.1. <local0.info> 10.101.10.100 06/25/2020:10:10:28 GMT 0-PPE-0 : default APPFW APPFW_POSTBODYLIMIT 1506 0 : <Netscaler IP> 4234-PPE0 - testprof ><URL> Request post body length(<Post Body Length>) exceeds post body limit.
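The following Python sketch is an added example, not part of the Citrix documentation: it parses APPFW_POSTBODYLIMIT lines in the format shown above and counts violations per profile and URL, so oversized-body attempts can be reviewed or alerted on. The sample lines, IP addresses, URLs and lengths are constructed, and the field the page labels <Netscaler IP> is captured here as "ip".

```python
import re

# Matches the audit line from its MM/DD/YYYY:HH:MM:SS timestamp onward, so the
# syslog prefix (or a grep "file:" prefix) in front of it does not matter.
EVENT = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT \S+ : \S+ APPFW "
    r"APPFW_POSTBODYLIMIT \d+ \d+ : +(?P<ip>\S+) (?P<session>\S+) - "
    r"(?P<profile>\S+) >?(?P<url>\S+) "
    r"Request post body length\((?P<length>\d+)\) exceeds post body limit"
)

# Constructed sample lines that follow the page's format (values are made up).
SAMPLE_LOG = """\
Jun 25 10:10:28 <local0.info> 10.101.10.100 06/25/2020:10:10:28 GMT 0-PPE-0 : default APPFW APPFW_POSTBODYLIMIT 1506 0 : 192.0.2.15 4234-PPE0 - testprof http://app.example.test/upload Request post body length(25000000) exceeds post body limit.
Jun 25 10:10:41 <local0.info> 10.101.10.100 06/25/2020:10:10:41 GMT 0-PPE-0 : default APPFW APPFW_POSTBODYLIMIT 1507 0 : 192.0.2.15 4235-PPE0 - testprof http://app.example.test/upload Request post body length(31000000) exceeds post body limit.
Jun 25 10:11:02 <local0.info> 10.101.10.100 06/25/2020:10:11:02 GMT 0-PPE-0 : default APPFW APPFW_POSTBODYLIMIT 1508 0 : 198.51.100.7 4236-PPE0 - testprof >http://app.example.test/api/import Request post body length(20000001) exceeds post body limit.
Jun 25 10:11:30 <local0.info> 10.101.10.100 06/25/2020:10:11:30 GMT 0-PPE-0 : default EXAMPLE UNRELATED_EVENT 1509 0 : constructed line that must be skipped
"""

def parse_events(text):
    """Return one dict per APPFW_POSTBODYLIMIT line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT.search(line)
        if match:
            event = match.groupdict()
            event["length"] = int(event["length"])
            events.append(event)
    return events

def summarize(events):
    """Map (profile, url) to (violation count, largest body length seen)."""
    summary = {}
    for event in events:
        key = (event["profile"], event["url"])
        count, largest = summary.get(key, (0, 0))
        summary[key] = (count + 1, max(largest, event["length"]))
    return summary

if __name__ == "__main__":
    for (profile, url), (count, largest) in summarize(parse_events(SAMPLE_LOG)).items():
        print(f"{profile} {url}: {count} violation(s), largest body {largest} bytes")
```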
inspectQueryContentTypes. Inspects the request query and web forms for injected SQL and cross-site scripts for the following content types.
set appfw profile p1 -inspectQueryContentTypes HTML XML JSON OTHER
Possible values: HTML, XML, JSON, OTHER
By default, this parameter is set as “InspectQueryContentTypes: HTML JSON OTHER” for both basic and advanced appfw profiles.
Example for inspect query content type as XML:
> set appfw profile p1 -type XML
Warning: HTML, JSON checks except “InspectQueryContentTypes” Action will not be applicable when profile type is not HTML or JSON respectively.
Example for inspect query content type as HTML:
> set appfw profile p1 -type HTML
Warning: XML, JSON checks except “InspectQueryContentTypes” Action will not be applicable when profile type is not XML or JSON respectively
Done
Example for inspect query content type as JSON:
> set appfw profile p1 -type JSON
Warning: HTML, XML checks except “InspectQueryContentTypes” Action will not be applicable when profile type is not HTML or XML respectively
Done
errorURL expression. The URL that the Citrix Web App Firewall uses as an error URL. Maximum Length: 2047.
Note:
For blocking violations in a requested URL, if the error URL is similar to the signature URL, the appliance resets the connection.