JSON Cross-Site Scripting protection check
If an incoming JSON payload contains malicious cross-site scripting (XSS) data, the Web App Firewall (WAF) blocks the request. The following procedures explain how to configure this check through the CLI and the GUI.
Configure JSON Cross-Site Scripting protection
To configure JSON cross-site scripting protection, complete the following steps:
- Add an application firewall profile of type JSON.
- Configure the JSON cross-site scripting action to block malicious cross-site scripting payloads.
Add application firewall profile of type JSON
You must first create a profile that specifies how the application firewall protects your JSON web content from JSON cross-site scripting attacks.
At the command prompt, type:
add appfw profile <name> -type (HTML | XML | JSON)
Note: When you set the profile type as JSON, other checks such as HTML or XML are not applicable.
Example
add appfw profile profile1 -type JSON
Sample output for JSON cross-site scripting violation
JSONXSSAction: block log stats
Payload: {"username":"X","password":"xyz"}
Log message: Aug 19 06:57:33 10.106.102.21 08/19/2019:06:57:33 GMT 0-PPE-0 : default APPFW APPFW_JSON_XSS 58 0 : 10.102.1.98 12-PPE0 - profjson http://10.106.102.24/ Cross-site script check failed for object value(with violation="Bad URL: jAvAsCrIpT:alert(1)") starting at offset(12).
Counters:
1 357000 1 as_viol_json_xss
3 0 1 as_log_json_xss
5 0 1 as_viol_json_xss_profile appfw__(profjson)
7 0 1 as_log_json_xss_profile appfw__(profjson)
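As an added triage example (not Citrix code), the script below parses an APPFW_JSON_XSS log line like the one above and uses the reported offset to name the JSON field that carried the flagged value, which is what a SIEM rule or responder wants alongside the raw line. The log field layout in LOG_RE is an assumption derived from the sample line, not a documented log grammar, and the payload is the sanitised sample from this page.

```python
import json
import re

# Constructed sample: the sanitised payload and the log line shown on this page.
SAMPLE_PAYLOAD = '{"username":"X","password":"xyz"}'
SAMPLE_LOG = (
    "Aug 19 06:57:33 10.106.102.21 08/19/2019:06:57:33 GMT 0-PPE-0 : default APPFW "
    "APPFW_JSON_XSS 58 0 : 10.102.1.98 12-PPE0 - profjson http://10.106.102.24/ "
    'Cross-site script check failed for object value(with violation="Bad URL: '
    'jAvAsCrIpT:alert(1)") starting at offset(12).'
)
# Assumed field layout, derived from the sample line (not a documented Citrix log grammar).
LOG_RE = re.compile(
    r"APPFW_JSON_XSS \d+ \d+ : (?P<client>\S+) \S+ - (?P<profile>\S+) (?P<url>\S+) "
    r'Cross-site script check failed for object value\(with violation="(?P<violation>[^"]*)"\) '
    r"starting at offset\((?P<offset>\d+)\)"
)
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')  # one JSON string token

def parse_json_xss_log(line):
    """Extract client, profile, URL, violation text and value offset from an APPFW_JSON_XSS line."""
    m = LOG_RE.search(line)
    return dict(m.groupdict(), offset=int(m["offset"])) if m else None

def locate_value(doc, offset):
    """Return the key path (object keys / array indices) of the JSON string value
    covering `offset`, so an alert can name the offending field."""
    frame, i = [], 0  # one entry per open container: current key or array index
    while i < len(doc):
        c = doc[i]
        if c in "{[":
            frame.append(None if c == "{" else 0)
        elif c in "}]":
            frame.pop()
        elif c == "," and isinstance(frame[-1], int):
            frame[-1] += 1  # next array element
        elif c == '"':
            end = STRING_RE.match(doc, i).end()
            if doc[end:].lstrip()[:1] == ":":      # string followed by ':' is an object key
                frame[-1] = json.loads(doc[i:end])
            elif i <= offset < end:                 # string value containing the offset
                return list(frame)
            i = end
            continue
        i += 1
    return None
```

For the sample line, parse_json_xss_log returns the profile, URL and offset 12, and locate_value maps that offset to the "username" field of the payload.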
Configure JSON Cross-Site Scripting action
You must configure one or more JSON cross-site scripting actions to protect your application from JSON cross-site scripting attacks. At the command prompt, type:
set appfw profile <name> -JSONXSSAction (block | log | stats | none)
Example
set appfw profile profile1 -JSONXSSAction block
The available cross-site scripting actions are:
- Block - Block connections that violate this security check.
- Log - Log violations of this security check.
- Stats - Generate statistics for this security check.
- None - Disable all actions for this security check.
Note: To enable one or more actions, type "set appfw profile <name> -JSONXSSAction" followed by the actions to be enabled.
Example
set appfw profile profile1 -JSONXSSAction block log stats
Configure JSON cross-site scripting (XSS) protection by using the Citrix GUI
Follow the procedure below to set the JSON cross-site scripting (XSS) protection settings.
- On the navigation pane, navigate to Security > Profiles.
- In the Profiles page, click Add.
- In the Citrix Web App Firewall Profile page, click Security Checks under Advanced Settings.
- In the Security Checks section, go to the JSON Cross-Site Scripting (XSS) settings and click the executable icon near the check box.
- Click Action Settings to access the JSON Cross-Site Scripting Settings page.
- Select the JSON cross-site scripting actions and click OK.
- In the Citrix Web App Firewall Profile page, click Relaxation Rules under Advanced Settings.
- In the Relaxation Rules section, select the JSON Cross-Site Scripting settings and click Edit.
- In the JSON Cross-Site Scripting Relaxation Rule page, click Add to add a JSON cross-site scripting relaxation rule.
- Enter the URL to which the request is sent. Requests sent to this URL are not blocked by this check. Click Create.