Product Documentation

Introduction

The Citrix Web Web App Firewall prevents security breaches, data loss, and possible unauthorized modifications to web sites that access sensitive business or customer information. It does so by filtering both requests and responses, examining them for evidence of malicious activity, and blocking those that exhibit such activity. Your site is protected not only from common types of attacks, but also from new, as yet unknown attacks. In addition to protecting web servers and web sites from unauthorized access and misuse by hackers and malicious programs, the Web App Firewall provides protection against security vulnerabilities in legacy CGI code or scripts, other web frameworks, web server software, and the underlying operating systems.

The Citrix Web Web App Firewall is available as a stand-alone appliance, or as a feature on a Citrix ADC virtual appliance (VPX). In the Web App Firewall documentation, the term Citrix ADC refers to the platform on which the Web App Firewall is running, regardless of whether that platform is a dedicated firewall appliance, a Citrix ADC on which other features have also been configured, or a Citrix ADC VPX.

To use the Web App Firewall, you must create at least one security configuration to block connections that violate the rules that you set for your protected web sites. The number of security configurations that you might want to create depends on the complexity of your web site. In some cases, a single configuration is sufficient. In other cases, particularly those that include interactive web sites, web sites that access database servers, online stores with shopping carts, you might need several different configurations to best protect sensitive data without wasting significant effort on content that is not vulnerable to certain types of attacks. You can often leave the defaults for the global settings, which affect all security configurations, unchanged. However, you can change the global settings if they conflict with other parts of your configuration or you prefer to customize them.

Introduction

In this article