- Creating and Configuring Application Firewall Policies
- Binding Application Firewall Policies
- Viewing a Firewall Policy's Bindings
- Supplemental Information about Application Firewall Policies
After you have configured your application firewall policies, you bind them to Global or a bind point to put them into effect. After binding, any request or response that matches an application firewall policy is transformed by the profile associated with that policy.
When you bind a policy, you assign a priority to it. The priority determines the order in which the policies you define are evaluated. You can set the priority to any positive integer. In the NetScaler OS, policy priorities work in reverse order - the higher the number, the lower the priority.
Because the application firewall feature implements only the first policy that a request matches, not any additional policies that it might also match, policy priority is important for achieving the results that you intend. If you give your first policy a low priority (such as 1000), you configure the application firewall to perform it only if other policies with a higher priority do not match a request. If you give your first policy a high priority (such as 1), you configure the application firewall to perform it first, and skip any other policies that might also match. You can leave yourself plenty of room to add other policies in any order, without having to reassign priorities, by setting priorities with intervals of 50 or 100 between each policy when you bind your policies.
For more information about binding policies on the NetScaler appliance, see "Policies and Expressions."
At the command prompt, type the following commands:
The following example binds the policy named pl-blog and assigns it a priority of 10.
bind appfw global pl-blog 10 save ns config