appfw policy

Sep 12, 2016

The following operations can be performed on "appfw policy":

add | rm | set | unset | show | stat | rename

add appfw policy

Creates an application firewall policy.

Synopsis

add appfw policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]

Arguments

name

Name for the policy.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the policy is created.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').

rule

Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.

profileName

Name of the application firewall profile to use if the policy matches.

comment

Any comments to preserve information about the policy for later reference.

logAction

Where to log information for connections that match this policy.
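When policies are created from scripts, the naming rule and quoting requirement above are worth enforcing before a string reaches the CLI. The following is an added example, not part of the product documentation: a Python helper that validates names and builds one add appfw policy line. It assumes that "letters" and "numbers" mean ASCII, that profile names follow the same rule as policy names, and that a literal backslash inside double quotes is written as two backslashes; the function names and the profile name prof1 are hypothetical.

```python
import re

# Naming rule from this page: first character is a letter, number or
# underscore; the rest may also be hyphen, period, pound, space, at,
# equals or colon. Assumption: "letters" and "numbers" mean ASCII.
_NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_\-.# @=:]*")


def valid_policy_name(name: str) -> bool:
    return _NAME_RE.fullmatch(name) is not None


def quote_name(name: str) -> str:
    """Validate a name and quote it only when it contains spaces."""
    if not valid_policy_name(name):
        raise ValueError(f"invalid appfw name: {name!r}")
    return f'"{name}"' if " " in name else name


def quote_expression(expr: str) -> str:
    """Double-quote free text, escaping inner quotes as \\" (assumption:
    a literal backslash is doubled). Control characters are rejected so
    one input can never turn into a second CLI line."""
    if any(ord(c) < 0x20 for c in expr):
        raise ValueError("control characters are not allowed")
    return '"' + expr.replace("\\", "\\\\").replace('"', '\\"') + '"'


def add_appfw_policy(name, rule, profile_name, comment=None):
    """Build one 'add appfw policy' line following the synopsis above."""
    # Assumption: profile names obey the same naming rule as policy names.
    parts = ["add appfw policy", quote_name(name),
             quote_expression(rule), quote_name(profile_name)]
    if comment is not None:
        parts += ["-comment", quote_expression(comment)]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample input; prof1 is a hypothetical profile name.
    print(add_appfw_policy("my policy",
                           'HTTP.REQ.HEADER("header").CONTAINS("qh2")',
                           "prof1", comment="added by automation"))
```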

rm appfw policy

Removes an application firewall policy.

Synopsis

rm appfw policy <name>

Arguments

name

Name of the policy to remove.

set appfw policy

Modifies the specified parameters of an application firewall policy.

Synopsis

set appfw policy <name> [-rule <expression>] [-profileName <string>] [-comment <string>] [-logAction <string>]

Arguments

name

Name of the policy to modify.

rule

Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.

profileName

Name of the application firewall profile to use if the policy matches.

comment

Any comments to preserve information about the policy for later reference.

logAction

Where to log information for connections that match this policy.

Example

set transform policy pol9 -rule "HTTP.REQ.HEADER(\"header\").CONTAINS(\"qh2\")"

unset appfw policy

Removes the settings of an existing application firewall policy. Attributes for which a default value is available revert to their default values. See the set appfw policy command for a description of the parameters.

Synopsis

unset appfw policy <name> [-comment] [-logAction]

Example

unset transform policy pol9 -undefAction

show appfw policy

Displays the current settings for the specified application firewall policy. If no policy name is provided, displays a list of all application firewall policies currently configured on the NetScaler appliance.

Synopsis

show appfw policy [<name>]

Arguments

name

Name of the policy.

Outputs

stateflag

rule

Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.

profileName

Name of the application firewall profile to use if the policy matches.

hits

Number of hits.

piHits

Number of hits.

undefHits

Number of Undef hits.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

comment

Any comments to preserve information about the policy for later reference.

logAction

Where to log information for connections that match this policy.

boundTo

The name of the entity to which the policy is bound.

activePolicy

Indicates whether policy is bound or not.

priority

Specifies the priority of the policy.

bindPolicyType

policyType

vserverType

devno

count

stat appfw policy

Displays statistics for the specified application firewall policy. If no application firewall policy is specified, displays abbreviated statistics for all application firewall policies.

Synopsis

stat appfw policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

Arguments

name

Name of the application firewall policy.

detail

Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues

Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated.

ntimes

The number of times, in intervals of seven seconds, the statistics should be displayed.

Default value: 1

Minimum value: 0

logFile

The name of the log file to be used as input.

clearstats

Clears the statistics and counters.

Possible values: basic, full

Outputs

count

devno

stateflag

Outputs

Policy hits (Hits)

Number of hits on the policy

Policy undef hits (Undefhits)

Number of undef hits on the policy

Example

stat appfw policy

rename appfw policy

Renames an application firewall policy.

Synopsis

rename appfw policy <name>@ <newName>@

Arguments

name

Existing name of the application firewall policy.

newName

New name for the policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').

Example

rename appfw policy oldname newname