Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
XML external entities (XXE) Attack Protection
The XML external entities (XXE) attack protection examines if an incoming payload has any unauthorized XML input regarding entities outside the trusted domain where the web application resides. The XXE attack occurs if you have a weak XML parser that parses an XML payload with input containing references to external entities.
In a Citrix ADC appliance, if the XML parser is improperly configured, the impact of exploiting the vulnerability can be dangerous. It allows an attacker to read sensitive data on the web server. Perform the denial of service attack and so forth. Therefore, it is important protect the appliance from XXE attacks. Web Application Firewall is able to protect the appliance from XXE attacks as long as the content-type is identified as XML. To prevent a malicious user from bypassing this protection mechanism, WAF blocks an incoming request if the “inferred” content-type in the HTTP headers does not match with the content-type of the body. This mechanism prevents the XXE attack protection bypass when a whitelisted default or non-default content-type is used.
Some of the potential XXE threats that affect a Citrix ADC appliance are:
- Confidential data leaks
- Denial-of-service (DOS) attacks
- server side forgery requests
- Port scanning
Configure XML external entities (XXE) injection protection
To configure XML external entities (XXE) check by using the command interface: In the command line interface, you can add or modify the application firewall profile command to configure the XXE settings. You can enable the block, log, and stats actions.
At the command prompt, type:
set appfw profile <name> [-inferContentTypeXmlPayloadAction <inferContentTypeXmlPayloadAction <block | log | stats | none>]
Note:
By default, the XXE action is set as “none.”
Example:
set appfw profile profile1 -inferContentTypeXmlPayloadAction Block
Where, action types are:
Block: The request is blocked without any exception to the urls in the request.
Log: If a mismatch between content-type in an HTTP request header and payload occurs, information about the violating request must be contained in the log message.
Stats: If a mismatch in the content-types is detected, the corresponding statistics for this violation type is incremented.
None: No action is taken if mismatch in content-types is detected. None cannot be combined with any other action type. Default action is set to None.
Configure XXE injection check by using Citrix ADC GUI
Complete the following steps to configure the XXE injection check.
- Navigate to Security > Citrix Web App Firewall > Profiles.
- On the Profiles page, select a profile and click Edit.
-
On the Citrix Web App Firewall Profile page, go to the Advanced Settings section and click Security Checks.
![XML external entity check section]()
- In the Security Checks section, select Infer Content Type XML Payload and click Action settings.
-
In the Infer Content Type XML Payload Settings page, set the following parameters:
- Actions. Select one or more actions to perform for XXE injection security check.
-
Click OK.
![Configuring XML external entity check settings]()
Viewing XXE injection traffic and violation statistics
The Citrix Web App Firewall Statistics page shows security traffic and security violation details in a tabular or graphical format.
To view security statistics by using the command interface.
At the command prompt, type:
stat appfw profile profile1
Viewing XXE injection statistics by using the Citrix ADC GUI
Complete the following steps to view the XXE injection statistics:
- Navigate to Security > Citrix Web App Firewall > Profiles.
- In the details pane, select a Web App Firewall profile and click Statistics.
- The Citrix Web App Firewall Statistics page displays the XXE command injection traffic and violation details.
- You can select Tabular View or switch to Graphical View to display the data in a tabular or graphical format.
Thank you for the feedback
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.