Statistics and reports

The information maintained in the logs and statistics, and displayed in the reports, provides important guidance for configuring and maintaining the Web App Firewall.

The Web App Firewall statistics

When you enable the statistics action for Web App Firewall signatures or security checks, the Web App Firewall maintains information about connections that match that signature or security check. You can view the accumulated statistics information on the Monitoring tab of the main logon page of your Web App Firewall appliance by selecting one of the following choices in the Select Group list box:

• Web App Firewall. A summary of all statistics information gathered by your Web App Firewall appliance for all profiles.
• Web App Firewall (per profile). The same information, but displayed per-profile rather than summarized.

You can use this information to monitor how your Web App Firewall is operating and determine whether there is any abnormal activity or abnormal amounts of hits on a signature or security check. If you see such a pattern of abnormal activity, you can check the logs for that signature or security check, to diagnose the issue, and then take corrective action.

The Web App Firewall Reports

The Web App Firewall reports provide information about your Web App Firewall configuration and how it is handling traffic for your protected web sites.

The PCI DSS report

The Payment Card Industry (PCI) Data Security Standard (DSS), version 1.2, consists of twelve security criteria that most credit card companies require businesses who accept online payments via credit and debit cards to meet. These criteria are designed to prevent identity theft, hacking, and other types of fraud. If an internet service provider or online merchant does not meet the PCI DSS criteria, that ISP or merchant risks losing authorization to accept credit card payments through its web site.

ISPs and online merchants prove that they are in compliance with PCI DSS by having an audit conducted by a PCI DSS Qualified Security Assessor (QSA) Company. The PCI DSS report is designed to assist them both before and during the audit. Before the audit, it shows which Web App Firewall settings are relevant to PCI DSS, how they should be configured, and (most important) whether your current Web App Firewall configuration meets the standard. During the audit, the report can be used to demonstrate compliance with relevant PCI DSS criteria.

The PCI DSS report consists of a list of those criteria that are relevant to your Web App Firewall configuration. Under each criterion, it lists your current configuration options, indicates whether your current configuration complies with the PCI DSS criterion, and explains how to configure the Web App Firewall so that your protected web site(s) will be in compliance with that criterion.

The PCI DSS report is located under System > Reports. To generate the report as an Adobe PDF file, click Generate PCI DSS Report. Depending on your browser settings, the report is displayed in the pop-up window or you are prompted to save it to your hard disk.

Note: To view this and other reports, you must have the Adobe Reader program installed on your computer.

The PCI DSS report consists of the following sections:

• Description. A description of the PCI DSS Compliance Summary report.

• Firewall License and Feature Status. Tells you whether the Web App Firewall is licensed and enabled on your Citrix ADC appliance.

• Executive Summary. A table that lists the PCI DSS criteria and tells you which of those criteria are relevant to the Web App Firewall.

• Detailed PCI DSS Criteria Information. For each PCI DSS criterion that is relevant to your Web App Firewall configuration, the PCI DSS report provides a section that contains information about whether your configuration is currently in compliance and, if it is not, how to bring it into compliance.

• Configuration. Data for individual profiles, which you access either by clicking Web App Firewall Configuration at the top of the report, or directly from the Reports pane. The Web App Firewall Configuration report is the same as the PCI DSS report, with the PCI DSS-specific summary omitted, and is described below.

The Web App Firewall configuration report

The Web App Firewall Configuration report is located under System > Reports. To display it, click Generate Web App Firewall Configuration Report. Depending on your browser settings, the report is displayed in the pop-up window or you are prompted to save it to your hard disk.

The Web App Firewall Configuration report starts with a Summary page, which consists of the following sections:

• Web App Firewall Policies. A table that lists your current Web App Firewall policies, showing the policy name, the content of the policy, the action (or profile) it is associated with, and global binding information.
• Web App Firewall Profiles. A table that lists your current Web App Firewall profiles and indicates which policy each profile is associated with. If a profile is not associated with a policy, the table displays INACTIVE in that location.

To download all report pages for all policies, at the top of the Profiles Summary page click Download All Profiles. You display the report page for each individual profile by selecting that profile in the table at the bottom of the screen. The Profile page for an individual profile shows whether each check action is enabled or disabled for each check, and the other configuration settings for the check.

To download a PDF file containing the PCI DSS report page for the current profile, click Download Current Profile at the top of the page. To return to the Profiles Summary page, click Web App Firewall Profiles. To go back to the main page, click Home. You can refresh the PCI DSS report at any time by clicking Refresh in the upper right corner of the browser. You should refresh the report if you make changes to your configuration.