Jump to content
Welcome to our new Citrix community!
  • 0

Web Application Firewall : CSRF Tagging blocked


Zach Sheppard1709161559

Question

Currently have a DMS corporate system that being protected via NetScaler WAF profile.

 

At present we have thousands of documents within the DMS and instead of learning each and every single url and add to the relaation ruleset, I'd like to look at implementing a generic relaxation rule to catch all/most.

 

the URL in question is similar to below;

 

URL - https://subdomain.domain.com/upload/docs/application/pdf/2017-12/guideoutlook.pdf

Found within Relaxation Rule ^https://subdomain\.domain\.com/upload/docs/application/pdf/2017\-12/guideoutlook\.pdf$

 

I've tried to follow this information found within the Citrix site;

https://docs.citrix.com/en-us/netscaler/12/application-firewall/form-protections/cross-site-request-forgery-check.html

 

Managed to devise this rule, however it doesn't seem to work effectively;

bind appfw profile TEST-Appfw-profile -CSRFTag "^http://$" "^[^?<>]*/upload/docs/application\[^?<>]*$" -comment "Manually deployed"

 

Any ideas on how to get this working would be greatly appreciated.

Link to comment

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...