-
-
The Signatures Editor
-
Signature Updates in High-Availability Deployment and Build Upgrades
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
The Signatures editor
You can use the signatures editor, which is available in the GUI, to add a new user-defined (local) signature rule to an existing signatures object, or to modify a previously configured local signature rule. Except that it is defined by the user (you), a local signature rule has the same attributes as a default signature rule from Citrix, and it functions in the same way. You enable or disable it, and configure the signature actions for it, just as you do for a default signature.
Add a local rule if you need to protect your web sites and services from a known attack that the existing signatures do not match. For example, you might discover a new type of attack and determine its characteristics by examining the logs on your web server, or you might obtain third-party information about a new type of attack.
At the heart of a signature rule are the rule patterns, which collectively describe the characteristics of the attack that the rule is designed to match. Each pattern can consist of a simple string, a PCRE-format regular expression, or the built-in SQL injection or cross-site scripting patterns.
You might want to modify a signature rule by adding a new pattern or modifying an existing pattern to match an attack. For example, you might find out about changes to an attack, or you might determine a better pattern by examining the logs on your web server, or from third-party information.
To add or modify a local signature rule by using the Signatures Editor
-
Navigate to Security > Citrix Web App Firewall > Signatures.
-
In the details pane, select the signatures object that you want to edit, and then click Open.
-
In the Modify Signatures Object dialog box, in the middle of the screen beneath the Filtered Results window, do one of the following:
- To add a new local signature rule, click Add.
- To modify an existing local signature rule, select that rule, and then click Open.
-
In the Add Local Signature Rule or the Modify Local Signature Rule dialog box, configure the actions for a signature by selecting the appropriate check boxes.
- Enabled. Enables the new signature rule. If you do not select this, this new signature rule is added to your configuration, but is inactive.
- Block. Blocks connections that violate this signature rule.
- Log. Logs violations of this signature rule to the Citrix ADC log.
- Stat. Includes violations of this signature rule in the statistics.
- Remove. Strips information that matches the signature rule from the response. (Applies only to response rules.)
- X-Out. Masks information that matches the signature rule with the letter X. (Applies only to response rules.)
- Allow Duplicates. Allows duplicates of this signature rule in this signatures object.
-
Choose a category for the new signature rule from the Category drop-down list.
You can also create a new category by clicking the icon to the right of the list and using the Add Signature Rule Category dialog box to add a new category to the list, The rule you are modifying is automatically added to the new category. For instructions, see “To add a signature rule category.”
-
In the LogString text box, type a brief description of the signature rule to be used in the logs.
-
In the Comment text box, type a comment. (Optional)
-
Click More…, and modify the advanced options.
- To strip HTML comments before applying this signature rule, in the Strip Comments drop-down list choose All or Exclude Script Tag.
- To set CSRF Referer Header checking, in the CSRF Referer Header checking radio button array, select either the If Present or Always radio button.
- To manually modify the Rule ID assigned to this local signature rule, modify the number in the Rule ID text box. The ID must be a positive integer between 1000000 and 1999999 that has not already been assigned to a local signature rule.
- To assign a version number to the new signature rule, modify the number in the Version Number text box.
- To assign a Source ID, modify the string in the Source ID text box.
- To specify the source, choose Local or Snort from the Source drop-down list, or click the Add icon to the right of the list and add a new source.
- To assign a harm score to violations of this local signature rule, type a number between 1 and 10 in the Harm Score text box.
- To assign a severity rating to this local signature rule, in the Severity drop-down list choose High, Medium, or Low, or click the Add icon to the right of the list and add a new severity rating.
- To assign a violation type to this local signature rule, in the Type drop-down list choose Vulnerable or Warning, or click the Add icon to the right of the list and add a new violation type.
-
In the Patterns list, add or edit a pattern.
- To add a pattern, click Add. In the Create New Signature Rule Pattern dialog box, add one or more patterns for your signature rule, and then click OK.
- To edit a pattern, select the pattern, and then click Open. In the Edit Signature Rule Pattern dialog box, modify the pattern, and then click OK.
For more information about adding or editing patterns, see “Signature Rule Patterns.”
2. Click OK.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.