Contact Support
  • Open or view cases
  • Chat live
  • Site feedback
Sign in
Contact Support
  • Open or view cases
  • Chat live
  • Site feedback

Customers who viewed this article also viewed

{{item.title}}
banner
CTX130546 {{tooltipText}}

Differences Between Basic and Advanced Application Firewall Profiles

Article | 配置 | {{likeCount}} found this helpful| Created: {{articleFormattedCreatedDate}} | Modified: {{articleFormattedModifiedDate}}
downloadWhy can't I download this file? Log in to Verify Download Permissions

Applicable Products

  • NetScaler

Information

This article contains information about Sessionization and the differences between a basic Application Firewall profile and an advanced Application Firewall profile.

Application Firewall Profile

When creating an Application Firewall profile, you are presented with the following two options:

  • Basic

  • Advanced

These options determine the learning mode and types of security checks that must be enabled. After the profile is created, the profile is not labeled as basic or advanced. If you choose basic when creating the profile, then the learning mode is not enabled by default.

If you choose advanced when creating the profile, then learning mode is enabled by default.

When you create a basic Application Firewall profile, the following security checks are enabled as shown in the screen shot:

User-added image

When you create an advanced Application Firewall profile, the only security check that is disabled is Credit Card protection.

The following screen shot shows the security checks in an advanced Application Firewall profile:

User-added image

Sessionization

The security checks disabled in the basic Application Firewall profile all operate on objects in the HTTP response. Therefore, these security checks are more resource intensive. When the Application Firewall performs response side protections, it needs to remember information sent to each individual client.

For example, if a form is protected by the Application Firewall, form field information sent in the response is retained in memory. When the client submits the form in the next subsequent request, it is checked for inconsistencies before the information is sent to the Web Server. This concept is referred to as Sessionization.

Security checks such as URL Enclosure within Start URL, Cookie Consistency, Form Field Consistency and CSRF Form Tagging all imply Sessionization. The amount of CPU and memory resources utilized by these security checks increments linearly with the number of requests sent through the Application Firewall.

Additional Resources

Summary

This article contains information about Sessionization and the differences between a basic Application Firewall profile and an advanced Application Firewall profile

http://docs.citrix.com/en-us/netscaler/11-1/application-firewall/configuring-application-firewall.html

You rated this page as
You rated this page as
Name is required
Submit

Featured Products

Failed to load featured products content, Please试一试gain.

{{ getHeading('digitalWorkspaces') }}

{{ getHeading('networking') }}
View support numbers
Share this page