Product Documentation

Web application firewall StyleBook

Citrix Web App Firewall is a web application firewall (WAF) that protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats.

Citrix ADM now provides a default StyleBook with which you can more conveniently create an application firewall configuration on Citrix ADC instances.

Deploying application firewall configurations

The following task assists you in deploying a load balancing configuration along with the application firewall and IP reputation policy on Citrix ADC instances in your business network.

To create an LB configuration with application firewall settings:

  1. In Citrix ADM, navigate to Applications > Configurations > StyleBooks. The StyleBooks page displays all the StyleBooks available for your use in Citrix ADM. Scroll down and find HTTP/SSL Load Balancing StyleBook with application firewall policy and IP reputation policy. You can also search for the StyleBook by typing the name as “lb-appfw.” Click Create Configuration.

    The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.

  2. Enter values for the following parameters:

    • Load Balanced Application Name. Name of the load balanced configuration with application firewall to deploy in your network.

    • Load balanced App Virtual IP address. Virtual IP address at which the Citrix ADC instance receives client requests.

    • Load Balanced App Virtual Port. The TCP Port to be used by the users in accessing the load balanced application.

    • Load Balanced App Protocol. Select the front-end protocol from the list.

    • Application Server Protocol. Select the protocol of the application server.

    localized image

  3. As an option, you can enable and configure the Advanced Load Balancer Settings.

    localized image

  4. Optionally, you can also set up an authentication server for authenticating traffic for the load balancing virtual server.

    localized image

  5. Click “+” in the server IPs and Ports section to create application servers and the ports that they can be accessed on.

    localized image

  6. You can also create FQDN names for application servers.

    localized image

  7. You can also specify the details of the SSL certificate.

    localized image

  8. You can also create monitors in the target Citrix ADC instance.

    localized image

  9. To configure application firewall on the virtual server, enable WAF Settings.

    Ensure that application firewall policy rule is true if you want to apply the application firewall settings to all traffic on that VIP. Otherwise, specify the Citrix ADC policy rule to select a subset of requests to which to apply the application firewall settings. Next, select the type of profile that has to be applied - HTML or XML.

    localized image

  10. Optionally you can configure detailed application firewall profile settings by enabling the application firewall Profile Settings checkbox.

  11. Optionally, if you want to configure application firewall signatures, enter the name of the signature object that is created on the Citrix ADC instance where the virtual server is to be deployed.

    Note: You cannot create signature object by using this StyleBook.

  12. Next, you can also configure any other application firewall profile settings such as, StartURL settings, DenyURL settings and others.

    localized image

    For more information on application firewall and configuration settings, see Application Firewall.

  13. In the Target Instances section, select the Citrix ADC instance on which to deploy the load balancing virtual server with application firewall.

    Note: You can also click the refresh icon to add recently discovered Citrix ADC instances in Citrix ADM to the available list of instances in this window.

  14. You can also enable IP Reputation check to identify the IP address that is sending unwanted requests. You can use the IP reputation list to preemptively reject requests that are coming from the IP with the bad reputation.

    localized image

  15. Click Create to create the configuration on the selected Citrix ADC instances.

    localized image

    Tip: Citrix recommends that you select Dry Run to check the configuration objects that must be created on the target instance before you execute the actual configuration on the instance.

    When the configuration is successfully created, the StyleBook creates the required load balancing virtual server, application server, services, service groups, application firewall labels, application firewall policies, and binds them to the load balancing virtual server.

    The following figure shows the objects created in each server:

    localized image

  16. To see the ConfigPack created on Citrix ADM, navigate to Applications > Configurations.

    localized image

Web application firewall StyleBook