Citrix Application Delivery Management service

All Violations

The All Violations page displays the application security violation details based on the Network, WAF, and Bot categories. To view the security violations in Citrix ADM, ensure:

  • You have a premium license for the Citrix ADC instance (for WAF and BOT violations).

  • You have applied license on the load balancing or content switching virtual servers (for WAF and BOT). For more information, see Manage licensing on virtual servers.

  • You enable more settings. For more information, see the procedure available at Setting up.

Violation categories

Citrix ADM enables you to view the following violations. Under Violation Details, you can click each violation tab to view the violation details.

Network WAF Bot
HTTP Slow Loris Infer Content Type XML Scraper
DNS Slow Loris Buffer Overflow Screenshot Creator
HTTP Slow Post Content Type Search Engine
NXDomain Flood Attack Cookie Consistency Service Agent
HTTP desync attack CSRF Form Tagging Site Monitor
Bleichenbacher Attack Deny URL Speed Tester
Segment smack Attack Form Field Consistency Tool
SYN Flood Attack Field Formats Uncategorized
Small Window Attack Referrer Header Virus Scanner
  Cross-site scripting Vulnerability Scanner
  XML DoS DeviceFP Wait Exceeded
  XML Format Invalid DeviceFP
  XML WSI Invalid Captcha Response
  XML SSL Captcha Attempts Exceeded
  XML Attachment Valid Captcha Response
  XML SOAP Fault Captcha Client Muted
  XML Validation Captcha Wait Time Exceeded
  Others Request Size Limit Exceeded
  IP Reputation Rate Limit Exceeded
  HTTP DOS Block list (IP, subnet, policy expression)
  TCP Small Window Allow list (IP, subnet, policy expression)
  Signature Violation Zero Pixel Request
  File Upload Type Source IP
  JSON cross-site scripting Host
  JSON SQL Geo Location
  Command Injection Crawler
  Cookie Hijack Feed Fetcher
  Block Keyword Link Checker
  JSON Block Keyword Marketing
  Safe Commerce  
  Safe Object  
  HTML SQL Inject  
  Start URL  
  Command Injection Grammar  
  JSON SQL Injection Grammar  


To view the Account Takeover, Website Scanners, and Content Scrapers violations, you must configure the settings in Citrix ADM. See the prerequisite mentioned in the violation details page.

Security violations dashboard

In the security violations dashboard, you can view:

  • Total violations occurred across all ADC instances and applications. The total violations are displayed based on the selected time duration.

    Total violations

  • Total violations under each category.

    Total violations

  • Total ADCs affected, total applications affected, and top violations based on the total occurrences and the affected applications.

    Affected violations

Violation details

For each violation, Citrix ADM monitors the behavior for a specific time duration and detects violations for unusual behaviors. Click each tab to view the violation details. You can view details such as:

  • The total occurrences, last occurred, and total applications affected

  • Under event details, you can view:

    • The affected application. You can also select the application from the list if two or more applications are affected with violations.

    • The graph indicating violations.

    • Recommended Actions that suggest you troubleshoot the issue.

    • Other violation details such as violence occurrence time and detection message.

All Violations