settings affect all requests and responses that the application firewall
processes. They include the following items:
- Cookie name—The name of the cookie that stores the NetScaler session ID.
- Session timeout—The maximum inactive period allowed. If a user session shows no activity for this length of time, the session is terminated and the user is required to reestablish it by visiting a designated start page.
- Cookie post-encrypt prefix—The string that precedes the encrypted portion of any encrypted
- Maximum session lifetime—The maximum amount of time, in seconds, that a session is allowed to remain live. After this period is reached, the session is terminated and the user is required to reestablish it by visiting a designated start page. This setting cannot be less than the session timeout. To disable this setting, so that there is no maximum session lifetime, set the value to zero (0).
- Logging header name—The name of the HTTP header that holds the Client IP, for logging.
- Undefined profile—The profile applied when the corresponding policy action evaluates as undefined.
- Default profile—The profile applied to connections that do not match a policy.
- Import size limit—The maximum cumulative total byte count of all files imported to the ADC, including signatures, WSDLs, schemas, HTML and XML error pages. During an import, if the size of the imported object would cause the cumulative total sizes of all imported files to exceed the configured limit, the import operation fails and the ADC displays the following error message: ERROR: Import failed - exceeding the configured total size limit on the imported objects.
- Learn message rate limit—The maximum number of requests and responses per second that the learning engine is to process. Any additional requests or responses over this limit are not sent to the learning engine.
decoding—Decode HTML entities when running application firewall checks.
- Log malformed request—Enable logging of malformed HTTP requests.
- Use configurable secret key—Use a configurable secret key for application firewall operations.
- Reset learned data—Remove all learned data from the application firewall. Restarts the learning process by collecting fresh data.
Two settings, Reset Learned Data and Signatures Auto-Update, are found in different places depending on whether you use the command line or the configuration utility to configure your application firewall. When using the command line, you configure Reset Learned Data by using the reset appfw learningdata command, which takes no parameters and has no other functions. You configure Signatures Auto-Update in the set appfw settings command: the -signatureAutoUpdate parameter enables or disables auto-updating of the signatures, and -signatureUrl configures the URL which hosts the updated signatures file.
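The following pre-change check is an added example, not part of the original documentation. It enforces the rule that the maximum session lifetime is either zero or not less than the session timeout, and renders the set appfw settings lines described above. Assumptions: the -sessionTimeout and -sessionLifetime parameter names (taken from the NetScaler CLI, not from this page), both values in seconds, a constructed placeholder URL, and an HTTPS-only rule for the signature URL that is this example's own policy rather than a NetScaler requirement.

```python
from urllib.parse import urlsplit


def appfw_settings_commands(session_timeout, session_lifetime, signature_url=None):
    """Validate proposed engine settings and return the CLI lines that apply them.

    Both times are in seconds. Raises ValueError rather than emitting a
    command that violates the session rules or points at an unsafe URL.
    """
    if session_timeout <= 0:
        raise ValueError("session timeout must be a positive number of seconds")
    if session_lifetime < 0:
        raise ValueError("maximum session lifetime cannot be negative")
    # 0 disables the maximum session lifetime; any other value must not be
    # less than the session timeout.
    if session_lifetime != 0 and session_lifetime < session_timeout:
        raise ValueError("maximum session lifetime is less than the session timeout")

    # -sessionTimeout / -sessionLifetime: assumed parameter names (see lead-in).
    lines = [
        f"set appfw settings -sessionTimeout {session_timeout} "
        f"-sessionLifetime {session_lifetime}"
    ]

    if signature_url is None:
        lines.append("set appfw settings -signatureAutoUpdate OFF")
        return lines

    # Reject whitespace so the URL cannot smuggle extra CLI arguments.
    if any(ch.isspace() for ch in signature_url):
        raise ValueError("signature URL must not contain whitespace")
    parts = urlsplit(signature_url)
    # Policy of this example only: signatures are fetched over HTTPS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("signature URL must be an https:// URL with a host")
    lines.append(
        f"set appfw settings -signatureAutoUpdate ON -signatureUrl {signature_url}"
    )
    return lines


if __name__ == "__main__":
    # Constructed sample values: 15-minute timeout, 8-hour lifetime, placeholder URL.
    url = "https://signatures.example.internal/appfw/signatures.xml"
    for line in appfw_settings_commands(900, 28800, url):
        print(line)
```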
When using the configuration utility, you configure Reset Learned Data in Reset Learned Data button is at the bottom of the dialog box. You configure Signatures Auto-Update for each set of signatures in , by selecting the signatures file, clicking the right mouse button and selecting Auto Update Settings.; the
default values for the application firewall settings are correct. If the default settings cause a
conflict with other servers or cause premature disconnection of your users,
however, you might need to modify them.