WAF core security protection

The core selection of counter measures is the most commonly recommended and most widely applied set of counter measures for a WAF policy.

Counter measure name and description:

  • HTML SQL Injection - The HTML SQL Injection counter measure provides protection against the injection of unauthorized SQL code that might break security. SQL injection is a code injection technique that might destroy your database and is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements via webpage input.
  • HTML XSS - Attackers can use cross-site scripting (XSS) to send a malicious script to an unsuspecting user. The user's browser has no way to know that the script should not be trusted and will run it. Once run, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
  • CSRF Settings - CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. Common examples include changing the email address on their account, changing a password, or even making a funds transfer.
  • Buffer Overflow - Buffer Overflow is one of the best-known forms of software (security) vulnerability. Buffer overflows can be used to corrupt the execution stack of a web application. “Sending carefully crafted input to a web application, an attacker can cause the web application to run arbitrary code – effectively taking over the machine.”

HTML SQL Injection

When expanding the HTML SQL Injection counter measure, the following features and customization options will be available.

  • Wildcard Characters - Enabled or Disabled
  • Request containing the 4 fields - A drop-down menu providing various if/and/or statements to capture specific types of SQL content.
  • Comment Handling - Indicates that all comments will be checked (enabled by default).
  • Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
  • The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
  • Learning - When set to On, traffic patterns are analyzed, which can enhance the Relaxation Rules or identify recurring threats.
  • Alert Threshold - A configurable threshold (value) level that, once reached (or exceeded), begins to send alerts for the violations being triggered.

HTML cross-site scripting

When expanding the HTML XSS Counter measure, the following features and customization options are available.

  • Check Complete URLs - You can turn this feature On or Off to require the counter measure to check the full URL of the offending traffic.
  • Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
  • The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
  • Learning - When set to On, traffic patterns are analyzed, which can enhance the Relaxation Rules or identify recurring threats.
  • Alert Threshold - A configurable threshold (value) level that once reached (or exceeded) begins to send alerts for the violations being triggered.

CSRF Settings

When expanding the CSRF Settings counter measure, the following features and customization options are available.

  • Alert Threshold - A configurable threshold (value) level that, once reached (or exceeded), begins to send alerts for the violations being triggered.
  • Relaxation Rules - Relaxation rules can be manually created by clicking the Add button or directly added from the Learning section.
  • The checkmark icon allows for the multi-selection of configured Relaxation Rules, which can then be removed in bulk.
  • Learning - When set to On, traffic patterns are analyzed, which can enhance the Relaxation Rules or identify recurring threats.

Buffer Overflow

In contrast to the additional features and customization options of the HTML SQL Injection counter measure, the Buffer Overflow counter measure has a simpler configuration.

  • Max URL Length - Configure the maximum URL length that can be allowed before triggering a violation.
  • Max Cookie Length - Configure the maximum Cookie string length that can be allowed before triggering a violation.
  • Max Header Length - Configure the maximum (raw) Header Length that can be allowed before triggering a violation.
  • Alert Threshold - A configurable threshold (value) level that, once reached (or exceeded), begins to send alerts for the violations being triggered.
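To make the three length limits and the alert threshold concrete, the following is an added Python model of the Buffer Overflow counter measure run over constructed raw HTTP requests. It is illustrative code written for this page, not the product's implementation; the limit values, the assumption that Max Header Length applies to the whole raw header block, and the alert firing once the violation count reaches the threshold are assumptions for the demo.

```python
"""Illustrative model of a Buffer Overflow counter measure (constructed
example, not the WAF product's own code). Limit values are demo assumptions."""
from dataclasses import dataclass


@dataclass
class BufferOverflowPolicy:
    max_url_length: int = 1024      # Max URL Length
    max_cookie_length: int = 4096   # Max Cookie Length (Cookie header value)
    max_header_length: int = 8192   # Max Header Length (raw header block, assumed)
    alert_threshold: int = 3        # Alert Threshold (violation count, assumed)
    violations: int = 0             # running count across inspected requests

    def check(self, raw_request: bytes) -> list:
        """Inspect one raw HTTP request; return the names of violated limits."""
        head, _, _ = raw_request.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        parts = lines[0].split(b" ")
        url = parts[1] if len(parts) >= 2 else b""
        cookie = b""
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"cookie":
                cookie = value.strip()
        found = []
        if len(url) > self.max_url_length:
            found.append("url")
        if len(cookie) > self.max_cookie_length:
            found.append("cookie")
        if len(head) > self.max_header_length:
            found.append("header")
        self.violations += len(found)
        return found

    def alert_due(self) -> bool:
        """Alerts start once the configured threshold is reached or exceeded."""
        return self.violations >= self.alert_threshold


def run_demo() -> list:
    """Constructed requests: one normal, one over-long URL, one over-long cookie."""
    policy = BufferOverflowPolicy(max_url_length=64, max_cookie_length=32,
                                  max_header_length=200, alert_threshold=2)
    requests = [
        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /" + b"a" * 100 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /login HTTP/1.1\r\nHost: example.test\r\nCookie: " + b"x" * 50 + b"\r\n\r\n",
    ]
    return [(policy.check(r), policy.alert_due()) for r in requests]
```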

Each counter measure differs slightly in the customization and configuration options that can be set.
