There are three parties that the NetScaler Application Firewall (AppFW) can change or check in the web application. These parts are:
- HTTP headers
- Forms / data
- Cookies
What you must know?
NetScaler AppFW checks the host header. Sometimes AppFW then add hidden fields to ensure better security for the application. Sometimes the value of hidden forms could be long, however, because of the security NetScaler AppFW, which was explained in the previous blog, it has no impact on memory usage. Basically, when you form field controls and URL closures, NetScaler AppFW does not store or use forms of memory.
To maintain the security of the application, the AppFW can change, remove or add headers in HTTP requests or responses. To send HTTP messages, requests or HTTP responses use headers. Citrix SE / Sales, you can use the knowledge base (KB) following CTX131488 for details on this.
What happens if it is the forms or data?
Any attack to amend or modify the content of the original form sent by the server will be protected by AppFW. AppFW may also protect against attacks Cross Site Forgery. AppFW do not change the data, roughly checks to ensure there are no attacks on them.
For cookies to maintain session state, the AppFW generates its own session cookie when the Web server responds to the first HTTP request from the web browser. Cookie will not be sent to the server. The above article KB through in comprehensive detail as there are different behaviors if AppFW a proxy cookies enabled or not enabled. we should perhaps go through this more in the next blog for those who want more information in the blog vs KB, if any, let me know.
0 Komentar