JSON Cross-Site Scripting protection check

If an incoming JSON payload contains malicious cross-site scripting data, the WAF blocks the request. The following procedures explain how to configure this check through the CLI and the GUI.

Configure JSON Cross-Site Scripting protection

To configure JSON cross-site scripting protection, complete the following steps:

  1. Add an application firewall profile of type JSON.
  2. Configure the JSON cross-site scripting action to block malicious cross-site scripting payloads.

Add application firewall profile of type JSON

You must first create a profile that specifies how the application firewall protects your JSON web content from JSON cross-site scripting attacks.

At the command prompt, type:

add appfw profile <name> -type (HTML | XML | JSON)

Note:

When you set the profile type to JSON, the other checks, such as the HTML or XML checks, are not applicable.

Example

add appfw profile profile1 -type JSON

Sample output for JSON cross-site scripting violation

JSONXSSAction: block log stats

Payload: {"username":"X","password":"xyz"}

Log message:

Aug 19 06:57:33  10.106.102.21 08/19/2019:06:57:33 GMT 0-PPE-0 : default APPFW APPFW_JSON_XSS 58 0 : 10.102.1.98 12-PPE0 - profjson http://10.106.102.24/ Cross-site script check failed for object value(with violation="Bad URL: jAvAsCrIpT:alert(1)") starting at offset(12).

Counters:

1 357000 1 as_viol_json_xss
3 0 1 as_log_json_xss
5 0 1 as_viol_json_xss_profile appfw__(profjson)
7 0 1 as_log_json_xss_profile appfw__(profjson)

Configure JSON Cross-Site Scripting action

You must configure one or more JSON cross-site scripting actions to protect your application from JSON cross-site scripting attacks. At the command prompt, type:

set appfw profile <name> -JSONXSSAction [block] [log] [stats] [none]

Example

set appfw profile profile1 -JSONXSSAction block

The available cross-site scripting actions are:

  Block - Block connections that violate this security check.
  Log - Log violations of this security check.
  Stats - Generate statistics for this security check.
  None - Disable all actions for this security check.

Note: To enable one or more actions, type "set appfw profile <name> -JSONXSSAction" followed by the actions to be enabled.

Example

set appfw profile profile1 -JSONXSSAction block log stats
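To make the behaviour of the check and of the block/log/stats action set concrete, here is an added Python example that is not part of the Citrix documentation and does not reproduce the appliance's signature set. It scans every string value in a JSON body with a few constructed rules (javascript: URLs, script tags, event-handler attributes), reports the byte offset at which the offending value starts, as the sample log message above does, and then applies a configured action set, honouring URL relaxation rules from the GUI procedure. The rule names, counter names, profile name and URLs are assumptions or constructed sample values; object keys are deliberately not inspected.

```python
import json
import re

# Constructed detection rules for this example; they approximate, and do not
# reproduce, the appliance's own XSS signature set.
XSS_RULES = [
    ("Bad URL", re.compile(r"^\s*javascript\s*:", re.I)),    # javascript: scheme in a value
    ("Bad tag", re.compile(r"<\s*script\b", re.I)),          # <script ...> in a value
    ("Bad attribute", re.compile(r"\bon[a-z]+\s*=", re.I)),  # onload=, onerror=, ...
]


def json_string_tokens(text):
    """Return (offset, decoded_string, is_value) for every string token in a JSON text.

    Minimal scanner: a string after ':' is an object value, a string inside an
    array is a value, any other string inside an object is a key.  The input
    must already be valid JSON (the caller checks that).
    """
    tokens, stack, expect_value = [], [], False
    i = 0
    while i < len(text):
        c = text[i]
        if c == '"':
            start = i
            i += 1
            while text[i] != '"':
                i += 2 if text[i] == "\\" else 1  # skip escaped characters
            is_value = (not stack) or stack[-1] == "arr" or expect_value
            tokens.append((start, json.loads(text[start:i + 1]), is_value))
            expect_value = False
        elif c in "{[":
            stack.append("obj" if c == "{" else "arr")
            expect_value = False
        elif c in "}]":
            stack.pop()
            expect_value = False
        elif c == ":":
            expect_value = True
        elif c == ",":
            expect_value = False
        i += 1
    return tokens


def inspect_json(payload):
    """Run the XSS rules over every string *value* in the payload.

    Returns a list of (offset, value, rule_name) so the caller can report
    exactly where in the body the check failed.
    """
    json.loads(payload)  # reject malformed bodies before scanning
    violations = []
    for offset, value, is_value in json_string_tokens(payload):
        if not is_value:
            continue
        for name, pattern in XSS_RULES:
            if pattern.search(value):
                violations.append((offset, value, name))
                break
    return violations


def apply_actions(payload, url, actions, relaxed_urls=frozenset(), profile="profjson"):
    """Simulate the block/log/stats action set plus URL relaxation rules.

    actions: subset of {"block", "log", "stats", "none"} as on the page.
    relaxed_urls: URLs exempted by a relaxation rule (requests there are not checked).
    Returns the block decision, the log lines (format approximates the sample
    log above) and the counter increments.
    """
    result = {"blocked": False, "log_lines": [], "counters": {}}
    if "none" in actions or url in relaxed_urls:
        return result
    for offset, value, rule in inspect_json(payload):
        if "block" in actions:
            result["blocked"] = True
        if "log" in actions:
            result["log_lines"].append(
                f'APPFW_JSON_XSS {profile} {url} Cross-site script check failed for '
                f'object value(with violation="{rule}: {value}") starting at offset({offset}).'
            )
        if "stats" in actions:
            c = result["counters"]
            c["as_viol_json_xss"] = c.get("as_viol_json_xss", 0) + 1
            if "log" in actions:
                c["as_log_json_xss"] = c.get("as_log_json_xss", 0) + 1
    return result


if __name__ == "__main__":
    # Constructed request bodies; the second carries the violation from the sample log above.
    clean = '{"username":"X","password":"xyz"}'
    bad = '{"username":"X","password":"jAvAsCrIpT:alert(1)"}'
    print(inspect_json(clean))  # []
    print(inspect_json(bad))    # [(27, 'jAvAsCrIpT:alert(1)', 'Bad URL')]
    print(apply_actions(bad, "http://example.test/login", {"block", "log", "stats"}))
```

Note that with only "log" configured the request is still forwarded, which is the usual first step when rolling the check out: review the log lines and counters, add relaxation rules for the URLs that legitimately carry such values, then switch the profile to "block".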

Configure JSON Cross-Site Scripting (XSS) protection by using the Citrix GUI

Follow the procedure below to set the JSON cross-site scripting (XSS) protection settings.

  1. On the navigation pane, navigate to Security > Profiles.
  2. In the Profiles page, click Add.
  3. In the Citrix Web App Firewall Profile page, click Security Checks under Advanced Settings.
  4. In the Security Checks section, go to JSON Cross-Site Scripting (XSS) settings.
  5. Click the executable icon near the checkbox.

    [Figure: JSON cross-site scripting security check]

  6. Click Action Settings to access the JSON Cross-Site Scripting Settings page.
  7. Select the JSON cross-site scripting actions.
  8. Click OK.

    [Figure: JSON cross-site scripting security check]

  9. In the Citrix Web App Firewall Profile page, click Relaxation Rules under Advanced Settings.
  10. In the Relaxation Rules section, select JSON Cross-Site Scripting settings and click Edit.

    [Figure: JSON cross-site scripting security check]

  11. In the JSON Cross-Site Scripting Relaxation Rule page, click Add to add a JSON cross-site scripting relaxation rule.
  12. Enter the URL to which the request is sent. Requests sent to this URL are not blocked by this check.
  13. Click Create.

    [Figure: JSON cross-site scripting security check]
