Guest
    NetScaler WAF Signatures Update v122
     NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with variable CVSS.
CVE-2023-50968: This vulnerability is an arbitrary file properties reading flaw in Apache Software Foundation Apache OFBiz. When a user invokes a URI call without authorization, the same URI can be used to perform a server-side request forgery (SSRF) attack, also without authorization. The vulnerability has been fixed in version 18.12.11, and users are recommended to upgrade to this version.
    CVE-2023-51467: This vulnerability is an authentication bypass flaw in Apache OFBiz. A threat actor sends an HTTP request to exploit a flaw in the checkLogin function. When null or invalid username and password parameters are supplied and the requirePasswordChange parameter is set to Y in the URI, the checkLogin function fails to validate the credentials, leading to authentication bypass. The vulnerability has been patched in Apache OFBiz product version 18.12.11 or above.
    It is important to protect against these vulnerabilities as they can lead to unauthorized access to the system, compromising confidential information and disrupting vital services. The exploit might also create opportunities for supply chain attacks. Therefore, it is recommended that users upgrade to the latest version of Apache OFBiz (version 18.12.11 or above) to mitigate these vulnerabilities.
Signatures included in v122:

Rule   | CVE ID         | Description
998554 | CVE-2023-51467 | WEB-MISC Apache Ofbiz Multiple Versions - Server-Side Request Forgery Vulnerability (CVE-2023-51467)
998555 | CVE-2023-50968 | WEB-MISC Apache Ofbiz Multiple Versions - Server-Side Request Forgery Vulnerability (CVE-2023-50968)
998557 | CVE-2023-48777 | WEB-WORDPRESS Elementor Plugin Prior to 3.18.1 - File Upload/Remote Code Execution Vulnerability Via ID (CVE-2023-48777)
998560 | CVE-2023-49105 | WEB-MISC ownCloud Prior to 10.13.1 - Access Control Bypass Vulnerability (CVE-2023-4105)
999415 | CVE-2020-9446  | WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Unsafe Deserialization Vulnerability (CVE-2020-9446)
999416 | CVE-2020-9446  | WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Cross-Site Scripting Vulnerability (CVE-2020-9446)
     NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.
     If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 122 or later and then follow these steps.
Search your signatures for <number>.
Select the results with that ID.
Choose "Enable Rules" and click OK.
    NetScaler WAF Best Practices
    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.
     Handling false positives
    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.
    Modifications to NetScaler Web App Firewall Policy:
add policy patset exception_list
# (Example: bind policy patset exception_list "/exception_url")
Prepend the existing WAF policy with:
HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT
# (Example: set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>^)
NOTE: Any endpoint covered by the exception_list is no longer protected by these signatures, so the assets behind it may be exposed to risk.
    Additional Information
    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.
Learn more about NetScaler Web App Firewall, read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.
    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 

    Chris Chau
    Join our upcoming webinar to explore the intricate landscape of cloud deployments, encompassing dependencies like security groups, IAM roles, and much more at the cloud environment level. For customers transitioning from on-premises to the cloud, replicating the NetScaler deployments could be daunting. However, our NetScaler Cloud Sanity Checker tool guarantees deployment accuracy in every aspect and provides actionable insights for error scenarios.
    In this live demo, NetScaler experts will cover:
Overview of NetScaler Public Cloud
Common challenges with cloud deployments
How the NetScaler Cloud Sanity Checker Tool works
Detailed information can be found in the following eDoc link:
NetScaler Hybrid Multicloud Deployment: https://docs.netscaler.com/en-us/netscaler-console-service/hybrid-multi-cloud-deployments
For the latest NetScaler technical information, please visit and register on our NetScaler Community: https://community.netscaler.com

    Chris Chau
    Join us for a live demonstration session where we will dive into the art of tuning the NetScaler VPX running on ESX for the best performance. Get ready to explore the keys to achieve top-tier efficiency in this interactive, hands-on session.
    In this live demo, we will:
Uncover the techniques and best practices to supercharge your application delivery and network performance
Detailed information can be found in the following eDoc link:
Optimize the NetScaler VPX Performance: https://docs.netscaler.com/en-us/citrix-adc/current-release/deploying-vpx/vpx-performance-on-esx-kvm-xen.html
For the latest NetScaler technical information, please register and visit our NetScaler Community: https://community.netscaler.com

    Chris Chau
    When NetScaler is deployed as a proxy for application deployments, NetScaler inspects each user request or response for global routing and local data center routing. With the thousands of logs and counters provided by NetScaler you can have granular information about HTTP, TCP, SSL, and DNS packets. You can leverage such rich data and insights from NetScaler to troubleshoot and pinpoint issues. You can export the data from NetScaler to your preferred observability endpoints to create visualizations and get real-time, granular application insights.
NetScaler Intelligent Traffic Management (ITM) provides a revolutionary approach to Global Traffic Management/Global Server Load Balancing (GTM/GSLB). The mission of NetScaler ITM is to enable next-generation cloud strategies based on real-time Internet data feeds. The platform provides a highly robust means to ingest real-time data from various Internet sources and offers a DNS-based approach to load balancing. ITM uses DNS CNAME records, and its DNS responses can be altered in real time based on the required business logic.
    In this demo, we will cover:
Internet health monitoring: Internet visibility using NetScaler ITM
Infrastructure health monitoring: exporting NetScaler logs and events to Splunk
Detailed information can be found in the following eDoc links:
NetScaler Intelligent Traffic Management (ITM): https://docs.netscaler.com/en-us/citrix-intelligent-traffic-management/openmix
NetScaler Observability: https://docs.netscaler.com/en-us/citrix-adc/current-release/observability.html
For the latest NetScaler technical information, please register and visit our NetScaler Community: https://community.netscaler.com

    Uttam Somani
Authors: Uttam Somani, Bibek Ranjan Sahu
     
In today's digital world, where online privacy and security are paramount, the need for robust security tools and systems has become increasingly obvious. The Domain Name System (DNS) is one of the most critical parts of internet communication: it translates human-readable domain names into machine-readable IP addresses. The traditional DNS protocol operates over plain text, leaving it vulnerable to interception and potential manipulation by malicious entities. DNS over TLS (DoT) has emerged as one of the most important solutions to reinforce the security and privacy of DNS queries and responses.
     DNS over TLS (DoT) is a network security protocol that enhances the privacy and integrity of Domain Name System (DNS) queries by encrypting the communication between DNS clients and servers. By aligning with the DNS PRIVate Exchange (DPRIVE) RFC 7858 standards and specifications, NetScaler ensures that its DoT implementation meets the industry-recognized privacy and security standards. The traditional DNS resolution process makes it susceptible to eavesdropping and potential data manipulation. DoT addresses these security concerns and more by adding a layer of encryption to the DNS communication. Here’s how:
Encryption of DNS Queries: DoT encrypts the entire communication channel between clients and DNS resolvers for heightened privacy.
TLS Protocol: Utilizes Transport Layer Security (TLS) to secure connections, similar to HTTPS, preventing unauthorized access and man-in-the-middle attacks.
Improved Privacy: Shields DNS queries from network surveillance, enhancing user privacy, especially on untrusted networks.
Mitigation of DNS Spoofing: Encrypting DNS transactions in DNS over TLS helps mitigate DNS spoofing and tampering risks, ensuring authentic responses.

NetScaler supports DoT in both authoritative DNS (ADNS) and DNS proxy modes. The new DoT service type decrypts encrypted DNS requests, validates packet formats, and ensures secure client responses. This advancement underscores NetScaler's commitment to fortifying DNS communication channels with encryption protocols.

    Configuration of DoT in proxy mode
You can set up a load balancing (LB) virtual server and a backend service of type DoT. NetScaler initiates TLS handshakes with the client and with the server to establish secure TLS connections. Clients then transmit encrypted DNS queries to NetScaler, which decrypts them, applies any DNS or SSL policies configured on the virtual server, re-encrypts the request, and forwards it to the backend server. The server responds with an encrypted DNS reply, which NetScaler decrypts, applies any configured policies to, re-encrypts, and sends back to the client. Binding an SSL server certificate is required to enable an LB virtual server of type DoT.

Flexible Security Configurations: Mixed Mode Support in NetScaler's Proxy Mode
NetScaler introduces mixed mode support, allowing the configuration of (DoT + DNS_TCP) or (DNS_TCP + DoT) for the frontend and backend service types. This flexibility lets you secure the frontend listening channel while trusting the backend, or vice versa, adapting to specific security requirements.

DNS Secure Caching
If a record is requested via a secure channel (either the virtual server or the service is of type DoT), NetScaler caches the record as a secure record; otherwise it is cached as an insecure record. If a later request for that record arrives through a secure channel and a secure copy is in the cache, NetScaler serves it immediately. However, if the request arrives through a secure channel and NetScaler does not hold a secure copy of the record in its cache, it will not serve the record from the cache. Instead, NetScaler contacts the source (the backend server) directly, reads the most recent data, returns the record, and updates the cache with it as a secure record. If neither the virtual server nor the service is of type DoT, the existing insecure cache continues to be used.

Configuring DoT in ADNS mode:
On NetScaler you can configure an ADNS service of type ADNS_DOT, which works as a listening service that accepts encrypted DNS queries from clients. If a record for the requested domain is available on the NetScaler, it responds with the encrypted answer; otherwise, it sends an empty response. You have the flexibility to set up records directly on the NetScaler. Binding an SSL certificate is required to make this listening entity operational, ensuring that every interaction is encrypted. This encrypted communication adds further security to DNS transactions.
    For more information, please visit NetScaler docs
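The following shell script is an added example, not NetScaler's own code or configuration: a client-side probe that sends one DNS query over TLS to a DoT listener (the proxy-mode virtual server or the ADNS_DOT service described above), showing the RFC 7858 framing that NetScaler validates and the RCODE of the reply. It assumes openssl and od are installed on the client; the VIP and query name are placeholders.

```shell
#!/bin/sh
# Added example (not NetScaler's code): minimal DNS-over-TLS probe.
# Builds an RFC 1035 query, adds the 2-byte length prefix that RFC 7858
# reuses from DNS over TCP, and sends it to a DoT listener on TCP/853.
# Assumes openssl and od are installed; the VIP used below is a placeholder.

# Emit one raw byte from its decimal value (POSIX printf octal escape).
byte() {
    printf "\\$(printf '%03o' "$1")"
}

# Emit a 16-bit value as two big-endian bytes.
u16() {
    byte $(( $1 / 256 ))
    byte $(( $1 % 256 ))
}

# Build a wire-format A query for $1. Header: ID 0x1234, flags 0x0100
# (recursion desired), QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0.
build_dns_query() {
    name=${1%.}                 # drop a trailing dot, if any
    u16 4660; u16 256; u16 1; u16 0; u16 0; u16 0
    oldifs=$IFS; IFS=.
    for label in $name; do      # QNAME: length byte, then the label text
        byte ${#label}
        printf '%s' "$label"
    done
    IFS=$oldifs
    byte 0                      # root label terminates the QNAME
    u16 1                       # QTYPE  A
    u16 1                       # QCLASS IN
}

# Prefix the message on stdin with its length (RFC 1035 4.2.2 / RFC 7858).
frame_dot_message() {
    tmp=$(mktemp)
    cat > "$tmp"
    u16 "$(wc -c < "$tmp" | tr -d ' ')"
    cat "$tmp"
    rm -f "$tmp"
}

# Send one framed query to $1:853 and print the reply header as hex:
# 2 bytes length, 2 bytes ID (expect 1234), 2 bytes flags. The last hex
# digit of the flags is the RCODE (0 = NOERROR, 3 = NXDOMAIN).
# Stdin is held open briefly so s_client can read the answer before it exits.
dot_probe() {
    hdr=$( { build_dns_query "$2" | frame_dot_message; sleep 2; } \
        | openssl s_client -quiet -connect "$1:853" -servername "$1" 2>/dev/null \
        | od -An -tx1 -N 6 | tr -d ' \n')
    [ -n "$hdr" ] || { echo "no reply from $1:853" >&2; return 1; }
    echo "reply header: $hdr  rcode=${hdr#???????????}"
}

# Example (placeholder VIP of the NetScaler DoT vserver or ADNS_DOT service):
# dot_probe 203.0.113.10 www.example.com
```

A reply whose ID is not 1234, or no reply at all, means the listener is not speaking DoT on that VIP (for instance, the certificate is not bound yet, so the TLS handshake never completes).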
    Conclusion
    Securing DNS queries is crucial for safeguarding online privacy and enhancing overall security. Implementing DNS over TLS (DoT) is a highly effective measure to encrypt these queries, thereby reducing the vulnerabilities associated with data interception and DNS attacks. NetScaler has already incorporated this technology to enhance online security, introducing additional security features aimed at fortifying protection for online users. These enhancements are designed to defend against emerging threats that could jeopardize the security and privacy of your business. Furthermore, we have introduced the Automated Signature Roll-over feature in DNSSEC. For more details on this topic, refer to this article.

    Nagaraj Harikar
    Authors: Nagaraj Harikar, Dinesh Bansal

    In the realm of the internet infrastructure, DNSSEC (Domain Name System Security Extensions) plays a crucial role in safeguarding domain names and the associated data they point to. It employs cryptographic signatures to verify the authenticity and integrity of DNS records, preventing unauthorized modifications and protecting against DNS spoofing attacks. However, maintaining the effectiveness of DNSSEC requires regular key rollovers to ensure the continued validity of these signatures.
    Traditional key rollovers, often performed manually, can be a time-consuming and error-prone process. Automated DNSSEC signature rollover has emerged as a powerful and efficient solution to streamline this essential task.
    Understanding DNSSEC Key Rollover
    DNSSEC keys are employed to generate digital signatures that authenticate DNS records. These keys have a defined lifespan, and their timely renewal is essential for maintaining the integrity of DNSSEC protection. Key rollovers involve replacing the existing keys with new ones, ensuring that the cryptographic signatures remain valid and effective.
    Manual vs. Automated Key Rollover
    Manual key rollovers, while effective, can be cumbersome and prone to human error. As shown in the steps below, the process involves generating new keys, updating the DNS zone, and propagating the changes across the DNS hierarchy. This manual intervention can be time-consuming and increases the risk of errors, potentially leading to disruptions in DNS resolution.

    Figure 1: DNSSEC Key rollover steps
Steps involved in creating a new key:
Step A: Create a new cryptographic key on NetScaler. This key can be either a Zone Signing Key (ZSK) or a Key Signing Key (KSK) (create DNS key).
Step B: Publish the newly created key. At this point it cannot yet be used to sign any records (add DNS key).
Step C: The published key becomes active and is added to the zone to sign it (sign DNS zone).
Step D: Deactivate the old key so that it no longer signs any records (unsign DNS zone). Once the new signatures have propagated and the old signatures are no longer needed, remove the old key (remove DNS key).
The entire process from step A to step D needs to be repeated to create a new ZSK or KSK.
    In the automated key rollover process, the steps from A to D are automated using the DNSSEC key rollover feature on NetScaler, which simplifies the key management and rollover tasks. For more information, refer to the Zone Maintenance documentation.
    Automatic Distribution of DNSSEC Keys in GSLB Deployments
    Earlier, if a global server load balancing (GSLB) domain was signed by a DNSSEC key that required a rollover, you had to create the keys on one of the GSLB site nodes and manually transfer these to other GSLB sites using scp or some other tool before they could be used. Now, this entire process can be automated by enabling the DNS zone transfer parameter and ensuring the AutomaticConfigSync option is enabled. For more information, refer to the Zone Maintenance for GSLB deployments.
    Benefits of Automated DNSSEC Signature Rollover
    Automated DNSSEC signature rollover offers several compelling advantages:
Reduced Operational Overhead: Automation eliminates the need for manual intervention, freeing up IT staff to focus on other critical tasks.
Enhanced Security: NetScaler can perform rollovers more consistently and accurately, minimizing the risk of human error and any potential security vulnerabilities.
Improved Efficiency: Automation streamlines the rollover process, reducing the time and resources required to maintain DNSSEC protection.
Reduced Disruptions: NetScaler can perform rollovers without disrupting DNS resolution, ensuring consistent service availability.

Implementing Automated DNSSEC Signature Rollover
     As mentioned above, there are two types of keys used by DNSSEC: Zone Signing Key (ZSK) and Key Signing Key (KSK). ZSK-type key is used to sign DNS resource records of various types such as A, AAAA, NS, SOA, etc. KSK-type key is used to sign DNSKEY records. Usually, the KSK-type key is created with a stronger algorithm and a bigger key size. 

    Figure 2: Automatic DNSSEC key rollover with NetScaler
In the following example, we use the ‘create DNS key’ command to generate a DNSSEC key (example.ksk) of type KSK in zone example.com with key size 1024 using algorithm RSASHA256. Then we publish this key in the zone with the ‘add DNS key’ command, with auto-rollover enabled. The key has an expiry period of ten days and must roll over five days before expiry, as determined by the notification period. Then we use the ‘sign DNS zone’ command to sign the records under the DNS zone ‘example.com’ with this key. All these steps are performed automatically when the successor key rolls over, since auto-rollover is enabled on the key. This process, with rollover period R, is shown in Figure 2 above.
    Figure 3: Example of configuring auto-rollover of DNSSEC key
     Conclusion
    The Automated DNSSEC Signature Rollover feature will be critical for maintaining the effectiveness of DNSSEC protection. Streamlining the key rollover process, it reduces administrative burden, enhances security, and ensures the integrity of DNS records. As the demand for secure and reliable DNS services grows, automated DNSSEC signature rollover will play an increasingly important role in safeguarding the internet infrastructure.
    NetScaler also supports DNS over TLS, which encrypts DNS queries, enhancing privacy and security by safeguarding against potential eavesdropping and manipulation of domain name resolution, ensuring a safer online experience.

    Ravi Shekhar
NetScaler VPX's storage allocation is pivotal and depends on your sizing estimates. By default, it offers a standard storage capacity of 20GB.

    If your data storage needs surpass this limit, attaching an additional disk becomes essential. This extra disk typically defaults to the /var/crash path, intended for storing heavy core-dumps and crash files.
    Yet, various folders within /var, such as nsinstall, nstrace, log etc., often contribute to space consumption, potentially impacting storage availability.
In this article, we present a simple yet effective strategy to optimize storage by using the additional disk for any folder that may consume excessive space.

    Key Considerations:
    Evaluate and estimate storage needs before attaching an extra disk.
    For NetScaler VPX deployments, we recommend using solid-state drive (SSD) technology.
Step by Step Guide
In this example, we provide detailed instructions on mapping the /var/log folder to the additional disk on a NetScaler VPX instance running on an ESXi hypervisor.
    Step 1 - Shut down the NetScaler VPX virtual machine (if running) from the hypervisor management console

    Step 2 - Add a new virtual hard disk

    Step 3 - Power on the virtual machine

Step 4 - The new virtual disk will be mounted at /var/crash after NetScaler VPX boots up.
Note that the mounted partition will be slightly smaller than the actual virtual disk size.

    Step 5 - Create a new directory within /var/crash that will later replace the existing directory from your NetScaler VPX

Step 6 - To use the new disk for storing all log files, create a log directory inside /var/crash

    Step 7 - Copy/move all files recursively from the old directory (/var/log/) to new directory (/var/crash/log/)

Step 8 - Once the file operation has completed, delete the old directory (e.g., /var/log/) and create a symlink in its place pointing to the new directory (/var/crash/log/)

    Step 9 - Now the NetScaler ADC VPX will use the newly added disk for all files stored inside this directory

In a similar way, multiple directories can be created inside /var/crash following the same method, each mapped to a different directory path on the system (/root, /var/core, etc.).
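As an added example (not part of the original article), the following shell function carries out steps 5 through 8 for any directory, with a file-count check before the old directory is deleted. It assumes the extra disk is already mounted at /var/crash and that it is run as root from the NetScaler shell; /var/log and /var/crash/log from the article are the example arguments.

```shell
#!/bin/sh
# Added example, not from the original article: relocate a space-hungry
# directory (e.g. /var/log) onto the extra disk mounted at /var/crash,
# following steps 5-8 above. Paths are arguments so the same function serves
# /var/nstrace, /var/core and so on.
# Usage: relocate_dir /var/log /var/crash/log

relocate_dir() {
    src=$1
    dst=$2

    # Refuse to run twice, or on a path that is already a symlink.
    if [ -L "$src" ]; then
        echo "$src is already a symlink -> $(readlink "$src")" >&2
        return 1
    fi
    [ -d "$src" ] || { echo "$src is not a directory" >&2; return 1; }

    # Steps 5/6: create the target directory on the additional disk.
    mkdir -p "$dst" || return 1

    # Step 7: copy recursively, preserving ownership, permissions and mtimes.
    cp -Rp "$src/." "$dst/" || return 1

    # Sanity check before deleting anything: file counts must match.
    n_src=$(find "$src" -type f | wc -l | tr -d ' ')
    n_dst=$(find "$dst" -type f | wc -l | tr -d ' ')
    if [ "$n_src" -ne "$n_dst" ]; then
        echo "copy incomplete: $n_src files in $src, $n_dst in $dst" >&2
        return 1
    fi

    # Step 8: remove the old directory and replace it with a symlink.
    rm -rf "$src" || return 1
    ln -s "$dst" "$src" || return 1
    echo "$src -> $dst ($n_dst files)"
}
```

Processes that already hold files in the old directory open (for /var/log, the syslog daemon) keep writing to the unlinked copies until they are restarted, so a reboot after relocating is the safest way to be sure new writes land on the additional disk.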

    NetScaler Cyber Threat Intelligence
    CVE-2023-50164: Apache Struts - Files or Directories Accessible to External Parties - (v120 signature update published )
     NetScaler CTRI Team
    Last Updated: 12/13/2023
    Description:
     A security vulnerability, identified as CVE-2023-50164, has been discovered in Apache Struts, a popular, open-source framework for building Java web applications.
     The vulnerability affects the file upload functionality of versions prior to Apache Struts 2.5.33 and Struts 6.3.0.2. The problem stems from how the framework handles the HTTP parameters related to file uploading.
     An unauthenticated, remote attacker can manipulate file upload parameters to perform unauthorized path traversal. This could allow the attacker to upload malicious files on the server and potentially execute arbitrary code remotely.
Please follow the guidelines recommended by the vendor in their Security Bulletin.
NetScaler CTRI:
    NetScaler CTRI team is actively investigating this issue and will provide an update on the mitigation steps and a WAF Signature soon. 
    Update: Signature v120 published
     References: 
    https://nvd.nist.gov/vuln/detail/CVE-2023-50164  

    NetScaler Cyber Threat Intelligence
    NetScaler WAF Signatures Update v120
     NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with variable CVSS.
    The most critical is a security vulnerability, identified as CVE-2023-50164, which has been discovered in Apache Struts, a popular, open-source framework for building Java web applications. The vulnerability affects the file upload functionality of versions prior to Apache Struts 2.5.33 and Struts 6.3.0.2. The problem stems from how the framework handles the HTTP parameters related to file uploading.
    An unauthenticated, remote attacker can manipulate file upload parameters to perform unauthorized path traversal. This could allow the attacker to upload malicious files on the server and potentially execute arbitrary code remotely.
Please follow the guidelines recommended by the vendor in their Security Bulletin.
Signatures included in v120:

Rule   | CVE ID                         | Description
998559 | CVE-2023-50164                 | WEB-STRUTS Apache Struts Prior to 6.3.0.2 - Path Traversal Vulnerability (CVE-2023-50164)
998560 | CVE-2023-49105                 | WEB-MISC ownCloud Prior to 10.13.1 - Access Control Bypass Vulnerability (CVE-2023-4105)
998561 | CVE-2023-49103                 | WEB-MISC ownCloud Multiple Versions - Information Disclosure Vulnerability (CVE-2023-49103)
998562 | CVE-2023-47246                 | WEB-MISC SysAid Server On-Premise Prior to 23.3.36 - Path Traversal Vulnerability (CVE-2023-47246)
998563 | CVE-2023-46509                 | WEB-MISC Contec SolarView Compact 6.0 and Prior - OS Command Injection Vulnerability (CVE-2023-46509)
998564 | CVE-2023-44450                 | WEB-MISC NETGEAR ProSAFE Network Management System Prior to 1.7.0.31 - SQL Injection Vulnerability (CVE-2023-44450)
998565 | CVE-2023-44449                 | WEB-MISC NETGEAR ProSAFE Network Management System Prior to 1.7.0.31 - SQL Injection Vulnerability (CVE-2023-44449)
998566 | CVE-2023-44351, CVE-2023-44353 | WEB-MISC Adobe ColdFusion - Deserialization of Untrusted Data Vulnerability (CVE-2023-44351, CVE-2023-44353)
998567 | CVE-2023-43177                 | WEB-MISC CrushFTP Prior to 10.5.1 - Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177)
998568 | CVE-2023-40062                 | WEB-MISC SolarWinds Orion Prior to 2023.4.0 - Improper Input Validation Vulnerability Via TestAction (CVE-2023-40062)
998569 | CVE-2023-40062                 | WEB-MISC SolarWinds Orion Prior to 2023.4.0 - Improper Input Validation Vulnerability Via /api/WriteToFile/ (CVE-2023-40062)
998570 | CVE-2023-40055                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via SaveResultsToFile (CVE-2023-40055)
998571 | CVE-2023-40054                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via txtConfigTemplate (CVE-2023-40054)
998572 | CVE-2023-40054                 | WEB-MISC SolarWinds NCM Prior to 2023.4.1 - Directory Traversal Vulnerability Via txtPath (CVE-2023-40054)
998573 | CVE-2023-39912                 | Zoho ADManager Plus Prior to 7203 - Directory traversal Vulnerability (CVE-2023-39912)
998574 | CVE-2023-35150                 | WEB-MISC XWiki Multiple Versions - Arbitrary Code Injection Vulnerability (CVE-2023-35150)
998575 | CVE-2023-32707                 | WEB-MISC Splunk Enterprise - Escalation of Privileges Vulnerability (CVE-2023-32707)
998576 | CVE-2023-30943                 | WEB-MISC Moodle Prior to 4.1.3 - TinyMCE Loaders Stored Cross-Site Scripting Vulnerability Via loader (CVE-2023-30943)
998577 | CVE-2023-30943                 | WEB-MISC Moodle Prior to 4.1.3 - TinyMCE Loaders Stored Cross-Site Scripting Vulnerability Via lang (CVE-2023-30943)
998578 | CVE-2023-2943                  | WEB-MISC OpenEMR Prior to 7.0.1 - HTML Code Injection Vulnerability (CVE-2023-2943)
     NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.
     If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 120 or later and then follow these steps.
Search your signatures for <number>.
Select the results with that ID.
Choose "Enable Rules" and click OK.
    NetScaler WAF Best Practices
    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.
     Handling false positives
    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.
    Modifications to NetScaler Web App Firewall Policy:
add policy patset exception_list
# (Example: bind policy patset exception_list "/exception_url")
Prepend the existing WAF policy with:
HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT
# (Example: set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY("exception_list").NOT && <existing rule>^)
NOTE: Any endpoint covered by the exception_list is no longer protected by these signatures, so the assets behind it may be exposed to risk.
    Additional Information
    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.
Learn more about NetScaler Web App Firewall, read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.
    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 