Jump to content
Welcome to our new Citrix community!
  • 0

Bot Management policy and WAF policy - which runs first?

Anthony Alarcon


Hope this is an easy one to answer.  I've looked through documentation on both subjects but couldn't find an answer (or was just not looking hard enough). 


So I've got both Bot Management and WAF features enabled on a device.  Let's say I have a Bot Management policy that is bound default globally and has a policy expression of "true".  And I've got a WAF policy bound to a VIP with an expression of "true".  Which will run first?  The Bot Management policy or the WAF policy?  I would imagine the Bot protection would run first to sort of screen the deluge of requests that come from bots of all types?  What if the WAF policy is also bound default globally with an expression of "true"?  Or does that even matter with the run order?

Link to comment

2 answers to this question

Recommended Posts

  • 0


BOT policies are processed before WAF.

The points where you bind a police (default global, Virtual Server, etc.) only matter (regarding order of processing) for policies of the same type (e.g. a WAF policy bound to the Virtual Server takes precedence over a WAF policy bound to default global)

Please see the NetScaler packet flow in this documentation: https://docs.netscaler.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc.html

This page explains the order of processing of different bind points: https://docs.netscaler.com/en-us/citrix-adc/current-release/appexpert/policies-and-expressions/configure-advanced-policy-expressions/bind-policies-using-advanced-policy.html#bind-points-and-order-of-evaluation


Hope it helps.

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...