Signatures editor
You can use the signatures editor to add or modify a user-defined (local) signature rule to an existing signatures object. A local signature rule has the same attributes as a default signature rule from Citrix, and it functions in the same way. You enable or disable it, and configure the signature actions for it, just as you do for a default signature.
Add a local rule if you need to protect your websites and services from a known attack that the existing signatures do not match. For example, you might discover a new type of attack and determine its characteristics by examining the logs on your web server, or you might obtain third-party information about a new type of attack.
At the heart of a signature rule are the rule patterns, which collectively describe the characteristics of the attack that the rule is designed to match. Each pattern can consist of a simple string, a PCRE-format regular expression, or the built-in SQL injection or cross-site scripting patterns.
You might want to modify a signature rule by adding a new pattern or modifying an existing pattern to match an attack. For example, you might find out about changes to an attack, or you might determine a better pattern by examining the logs on your web server, or from third-party information.
To add or modify a local signature rule by using the Signatures Editor
Navigate to Security > Citrix Web App Firewall > Signatures.
In the details pane, select the signatures object that you want to edit, and then click Open.
In the Modify Signatures Object dialog box, in the middle of the screen beneath the Filtered Results window, do one of the following:
- To add a new local signature rule, click Add.
- To modify an existing local signature rule, select that rule, and then click Open.
In the Add Local Signature Rule or the Modify Local Signature Rule dialog box, configure the actions for a signature by selecting the appropriate check boxes.
- Enabled. Enables the new signature rule. If you do not select this, this new signature rule is added to your configuration, but is inactive.
- Block. Blocks connections that violate this signature rule.
- Log. Logs violations of this signature rule to the Citrix ADC log.
- Stat. Includes violations of this signature rule in the statistics.
- Remove. Strips information that matches the signature rule from the response. (Applies only to response rules.)
- X-Out. Masks information that matches the signature rule with the letter X. (Applies only to response rules.)
- Allow Duplicates. Allows duplicates of this signature rule in this signatures object.
Choose a category for the new signature rule from the Category drop-down list.
You can also create a category by clicking the icon to the right of the list and using the Add Signature Rule Category dialog box to add a new category to the list. The rule you are modifying is automatically added to the new category. For instructions, see To add a signature rule category.
In the LogString text box, type a brief description of the signature rule to be used in the logs.
In the Comment text box, type a comment. (Optional)
Click More…, and modify the advanced options.
- To strip HTML comments before applying this signature rule, in the Strip Comments drop-down list choose All or Exclude Script Tag.
- To set CSRF Referer Header checking, in the CSRF Referrer Header checking radio button array, select either the If Present or Always radio button.
- To manually modify the Rule ID assigned to this local signature rule, modify the number in the Rule ID text box. The ID must be a positive integer between 1000000 and 1999999 that has not already been assigned to a local signature rule.
- To assign a version number to the new signature rule, modify the number in the Version Number text box.
- To assign a Source ID, modify the string in the Source ID text box.
- To specify the source, choose Local or Snort from the Source drop-down list, or click the Add icon to the right of the list and add a new source.
- To assign a harm score to violations of this local signature rule, type a number between 1 and 10 in the Harm Score text box.
- To assign a severity rating to this local signature rule, in the Severity drop-down list choose High, Medium, or Low, or click the Add icon to the right of the list and add a new severity rating.
- To assign a violation type to this local signature rule, in the Type drop-down list choose Vulnerable or Warning, or click the Add icon to the right of the list and add a new violation type.
In the Patterns list, add or edit a pattern.
- To add a pattern, click Add. In the Create New Signature Rule Pattern dialog box, add one or more patterns for your signature rule, and then click OK.
- To edit a pattern, select the pattern, and then click Open. In the Edit Signature Rule Pattern dialog box, modify the pattern, and then click OK.
For more information about adding or editing patterns, see Signature Rule Patterns.
Click OK.
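Before entering a new local rule, it helps to check the values offline. The following is an added example, not Citrix code: it validates the Rule ID and Harm Score ranges given above and tests a candidate pattern against log lines. The function name `check_rule`, the sample lines, and the use of Python's `re` module as a stand-in for the PCRE engine are assumptions.

```python
import re

# Constructed access-log lines (not real traffic). ATTACK_LINES stand for the
# requests the rule should match; BENIGN_LINES must not match.
ATTACK_LINES = [
    "GET /app/export.cgi?fmt=csv&debug_dump=1 HTTP/1.1",
    "GET /app/export.cgi?debug_dump=true&fmt=xml HTTP/1.1",
]
BENIGN_LINES = [
    "GET /app/export.cgi?fmt=csv HTTP/1.1",
    "GET /docs/debug_dump_howto.html HTTP/1.1",
    "POST /app/login HTTP/1.1",
]


def check_rule(rule_id, harm_score, pattern, is_regex, used_ids=(),
               attack_lines=ATTACK_LINES, benign_lines=BENIGN_LINES):
    """Return a list of problems; an empty list means the values are ready to enter."""
    problems = []
    # Rule ID: 1000000-1999999 and not already used by another local rule.
    if not (isinstance(rule_id, int) and 1000000 <= rule_id <= 1999999):
        problems.append("Rule ID must be an integer between 1000000 and 1999999")
    elif rule_id in used_ids:
        problems.append("Rule ID is already assigned to a local signature rule")
    # Harm Score: 1-10.
    if not (isinstance(harm_score, int) and 1 <= harm_score <= 10):
        problems.append("Harm Score must be between 1 and 10")
    try:
        # A simple-string pattern is escaped so that it matches literally.
        # Assumption: Python's re approximates PCRE for the syntax used here.
        rx = re.compile(pattern if is_regex else re.escape(pattern))
    except re.error as exc:
        return problems + [f"pattern does not compile: {exc}"]
    # Coverage: every attack sample must match.
    problems += [f"misses attack sample: {l}" for l in attack_lines
                 if not rx.search(l)]
    # False positives: no benign sample may match.
    problems += [f"matches benign sample: {l}" for l in benign_lines
                 if rx.search(l)]
    return problems


if __name__ == "__main__":
    print(check_rule(1000001, 7, r"[?&]debug_dump=(1|true)\b", True))
    print(check_rule(999, 11, "debug_dump", False))
```

A pattern that reports a benign match here would block or log legitimate requests once the rule is enabled, so tighten it before adding it in the Patterns list.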