ADC

Updating a signature object

You should update your signatures objects frequently to ensure that your Web App Firewall is providing protection against current threats. You must regularly update both the default Web App Firewall signatures and any signatures that you import from a supported vulnerability scanning tool.

Citrix regularly updates the default signatures for the Web App Firewall. You can update the default signatures manually or automatically. In either case, ask your Citrix representative or Citrix reseller for the URL to access the updates. You can enable automatic updates of the Citrix native format signatures in the “Engine Settings” and “Signature Auto Update Settings” dialog boxes.

Most makers of vulnerability scanning tools regularly update the tools. Most websites also change frequently. You should update your tool and rescan your websites regularly, exporting the resulting signatures to a file and importing them into your Web App Firewall configuration.

Tip

When you update the Web App Firewall signatures from the Citrix ADC command line, you must first update the default signatures, and then issue more update commands to update each custom signatures file that is based on the default signatures. If you do not update the default signatures first, a version mismatch error prevents updating of the custom signatures files.

Note

The following applies to merging a third-party signature object with a user-defined signature object with Native rules and user-added rules:

When version 0 signatures are merged with a new imported file, the resultant signatures remain as version 0.

This means all native (or built-in) rules in the imported file will be ignored after the merge. This is to ensure that the version 0 signatures are maintained as is after a merge.

To include the native rules in the imported file for merge, you should update the existing signatures from version 0 first before the merge. This means you need to abandon the version 0 nature of the existing signatures.

When there is a Citrix ADC release upgrade, the file “default_signatures.xml” is added to the new build and the file “updated_signature.xml” is removed from the older build. After the upgrade, if the signature auto update feature is enabled, the appliance updates the existing signature to the latest version of the build and generates the “updated_signature.xml” file.

To update the Web App Firewall signatures from the source by using the command line

At the command prompt, type the following commands:

  • update appfw signatures <name> [-mergedefault]
  • save ns config

Example

The following example updates the signatures object named MySignatures from the default signatures object, merging new signatures in the default signatures object with the existing signatures. This command does not overwrite any user-created signatures or signatures imported from another source, such as an approved vulnerability scanning tool.

  update appfw signatures MySignatures -mergedefault
  save ns config
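
The ordering rule from the Tip above (default signatures first, then each custom object), as an added example that is not part of the Citrix documentation: a Python helper that builds the command batch for several custom signatures objects. The default object name `*Default Signatures` and the name allow-list are assumptions, and the sample names are constructed.

```python
import re

# Assumption: name of the built-in default signatures object. The page only
# says "the default signatures"; adjust this to match your appliance.
DEFAULT_SIGNATURES = "*Default Signatures"

# Hypothetical allow-list for object names used by this helper. It rejects
# quotes, newlines and separators that could break out of the quoted argument
# when the batch is pasted or piped into the command line.
_NAME_OK = re.compile(r"[A-Za-z0-9_*][A-Za-z0-9_ .:@=#*-]{0,126}")


def _quote(name):
    """Validate a signatures object name and quote it if it needs quoting."""
    if not _NAME_OK.fullmatch(name):
        raise ValueError(f"unsafe or invalid signatures object name: {name!r}")
    return f'"{name}"' if " " in name or "*" in name else name


def build_update_batch(custom_objects, default_name=DEFAULT_SIGNATURES):
    """Return CLI lines: default signatures first, then each custom object."""
    seen, ordered = set(), []
    for name in custom_objects:
        # The default object is always emitted first, so skip it if it is
        # listed again, and drop duplicate custom names.
        if name == default_name or name in seen:
            continue
        seen.add(name)
        ordered.append(name)

    batch = [f"update appfw signatures {_quote(default_name)}"]
    batch += [f"update appfw signatures {_quote(n)} -mergedefault" for n in ordered]
    batch.append("save ns config")  # persist once, after all updates
    return batch


if __name__ == "__main__":
    # Constructed sample names, not taken from a real appliance.
    for line in build_update_batch(["MySignatures", "Scanner Import", "MySignatures"]):
        print(line)
```
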

Updating a signatures object from a Citrix format file

Citrix regularly updates the signatures for the Web App Firewall. You should regularly update the signatures on your Web App Firewall to ensure that your Web App Firewall is using the most current list. Ask your Citrix representative or Citrix reseller for the URL to access the updates.

To update a signatures object from a Citrix format file by using the command line

At the command prompt, type the following commands:

  • update appfw signatures <name> [-mergeDefault]
  • save ns config

To update a signatures object from a Citrix format file by using the GUI

  1. Navigate to Security > Web App Firewall > Signatures.
  2. In the details pane, select the signatures object that you want to update.
  3. In the Action drop-down list, select Merge.
  4. In the Update Signatures Object dialog box, choose one of the following options.
    • Import from URL. Choose this option if you download signature updates from a web URL.
    • Import from Local File. Choose this option if you import signature updates from a file on your local hard drive, network hard drive, or other storage device.
  5. In the text area, type the URL, or type or browse to the local file.
  6. Click Update. The update file is imported, and the Update Signatures dialog box changes to a format nearly identical to that of the Modify Signatures Object dialog box. The Update Signatures Object dialog box displays all branches with new or modified signature rules, SQL injection or cross-site scripting patterns, and XPath injection patterns if there are any.
  7. Review and configure the new and modified signatures.
  8. When you are finished, click OK, and then click Close.

Updating a signatures object from a supported vulnerability scanning tool

Note: Before you update a signatures object from a file, you must create the file by exporting signatures from the vulnerability scanning tool.

To import and update signatures from a vulnerability scanning tool

  1. Navigate to Security > Web App Firewall > Signatures.
  2. In the details pane, select the signatures object that you want to update, and then click Merge.
  3. In the Update Signatures Object dialog box, on the External Format tab, Import section, choose one of the following options.
    • Import from URL. Choose this option if you download signature updates from a Web URL.
    • Import from Local File. Choose this option if you import signature updates from a file on your local or a network hard drive or other storage device.
  4. In the text area, type the URL, or browse or type the path to the local file.
  5. In the XSLT section, choose one of the following options.
    • Use Built-in XSLT File. Choose this option if you want to use a built-in XSLT file.
    • Use Local XSLT File. Choose this option to use an XSLT file on your local computer.
    • Reference XSLT from URL. Choose this option to import an XSLT file from a web URL.
  6. If you chose Use Built-in XSLT File, in the Built-In XSLT drop-down list select the file that you want to use from the following options:
    • Cenzic.
    • Deep_Security_for_Web_Apps.
    • Hewlett_Packard_Enterprise_WebInspect.
    • IBM-AppScan-Enterprise.
    • IBM-AppScan-Standard.
    • Qualys.
    • Whitehat.
  7. Click Update. The update file is imported, and the Update Signatures dialog box changes to a format nearly identical to that of the Modify Signatures Object dialog box, which is described in “Configuring or Modifying a Signatures Object.” The Update Signatures Object dialog box displays all branches with new or modified signature rules, SQL injection or cross-site scripting patterns, and XPath injection patterns if there are any.
  8. Review and configure the new and modified signatures.
  9. When you are finished, click OK, and then click Close.