Jump to content
Welcome to our new Citrix community!
  • 0

How do I tell if I'm using a "WASC 1.0" or "WASC 2.0" WAF signature types?

Anthony Alarcon


This is probably a stupid question but I'm not too terribly proficient with Citrix ADC WAF.  My question is how do I tell if I'm using WASC 1.0 or WASC 2.0 signatures?  

I ask because we had a cybersecurity firm run a series of penetration tests on a number of our public facing applications.  They came up with a bunch of items that need to be fixed.  A bunch of the minor and medium risks found were remedied with some rewrite policies, cleaning up weak ciphers, securing NetScaler cookies, and setting the "Secure" and "HttpOnly" flags on server response cookies. 


The one major issue that they found is that there are no "anti-automation" protections in place.  Their suggestion was to make sure we have WAF protection (I did not have the lb vservers on any WAF policies at the time of penetration testing).  Well, I've got WAF protection now for the apps but I'm wondering if that's enough.  I can't find any documentation locally about any "anti-automation" protection. 


But then I found this article:  https://docs.citrix.com/en-us/citrix-adc/12-1/application-firewall/appendixes/signatures-whitehat.html  


It states that the "WASC 2.0 signature types" can counter the "anti-automation" vulnerabilities.  But I have no idea what to look for unfortunately because I'm not that well versed in Citrix ADC WAF.  Will invest in some training when I get free time.


I also am not sure if I should put a set of rate limiters on the vulnerable vservers.  (Another thing I don't know much about but intend to investigate.)


Firmware is 12.1

Common security checks that set to block are "Buffer Overflow", "Credit Card", "HTML Cross-Site Scripting", and "HTML SQL Injection".

WAF Signature is 102

Link to comment

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...