So, I have set up a gateway vserver for integration with citrix MDM (XenMobile) and it is being protected by WAF policies.
Mobile device's users utilize SecureHub to access internal and external websites. There's a website failing because it uses websockets.
I know that I can enable Websockets on an HTTP profile and bind it to the gateway vserver, however I am worried about the security implications of doing so due to the note in the GUI saying: "If enabled, once a connection is upgraded to wss, Citrix ADC does not process layer 7 traffic on that connection". So my concern is: does that mean that WAF policies won't be enforced? Will all the traffic bypass the waf?
Is there any WAF featuree desinged specifically for webosockets security?
Question
Felipe Ruiz1709162764
So, I have set up a gateway vserver for integration with citrix MDM (XenMobile) and it is being protected by WAF policies.
Mobile device's users utilize SecureHub to access internal and external websites. There's a website failing because it uses websockets.
I know that I can enable Websockets on an HTTP profile and bind it to the gateway vserver, however I am worried about the security implications of doing so due to the note in the GUI saying: "If enabled, once a connection is upgraded to wss, Citrix ADC does not process layer 7 traffic on that connection". So my concern is: does that mean that WAF policies won't be enforced? Will all the traffic bypass the waf?
Is there any WAF featuree desinged specifically for webosockets security?
Link to comment
5 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now