Engine settings
The engine settings affect all requests and responses that the NetScaler Web App Firewall processes. Following are the settings:
- Cookie name—The name of the cookie that stores the NetScaler session ID.
- Session timeout—The maximum inactive period allowed. If a user session shows no activity for this length of time, the session is terminated and the user is required to reestablish it by visiting a designated start page.
- Cookie post-encrypts prefix—The string that precedes the encrypted portion of any encrypted cookies.
- Maximum session lifetime—The maximum amount of time, in seconds, that a session is allowed to remain live. After this period is reached, the session is terminated and the user is required to reestablish it by visiting a designated start page. This setting cannot be less than the session timeout. To disable this setting, so that there is no maximum session lifetime, set the value to zero (0).
- Logging header name—The name of the HTTP header that holds the Client IP, for logging.
- Undefined profile—The profile applied when the corresponding policy action evaluates as undefined.
- Default profile—The profile applied to connections that do not match a policy.
- Import size limit—The maximum byte count of all files imported to the appliance, including signatures, WSDLs, schemas, HTML, and XML error pages. During an import, if the size of the imported object causes the cumulative count of all imported files to exceed the configured limit, the import operation fails and the appliance displays the following error message: “ERROR: Import failed - exceeding the configured total size limit on the imported objects”.
- Learn message rate limit—The maximum number of requests and responses per second that the learning engine is to process. Any additional requests or responses over this limit are not sent to the learning engine.
- Proxy Server - A proxy server is an intermediate server that retrieves data from the internet on behalf of the user. It provides an additional layer of security for your appliance. A NetScaler appliance that has proxy authentication enabled authenticates itself with the proxy server before downloading updates from the internet, which protects the appliance from malicious downloads. Configure the following parameters:
  - Proxy Server - The IP address of the proxy server from which the latest AWS signatures are downloaded.
  - Proxy Port - The port number of the proxy server from which the latest AWS signatures are downloaded.
  - Proxy Username - The user name to authenticate to the proxy server for downloading signature updates.
  - Proxy Password - The password to authenticate to the proxy server for downloading signature updates.
- Entity decoding—Decode HTML entities when running Web App Firewall checks.
- Log malformed request—Enable logging of malformed HTTP requests.
- Use configurable secret key—Use a configurable secret key for Web App Firewall operations. This secret key is used for signing and verifying data. When “useConfigurableSecretKey” is turned ON, you must use the key enabled in the “set ns encryptionParams” parameter.
- Reset learned data—Remove all learned data from the Web App Firewall. Restarts the learning process by collecting fresh data.
Two settings, Reset Learned Data and Signatures Auto-Update, are found in different places depending on whether you use the command interface or the NetScaler GUI to configure your NetScaler Web App Firewall. When using the command interface, you configure Reset Learned Data by using the reset appfw learningdata command. This command takes no parameters and has no other functions. You configure Signatures Auto-Update by using the set appfw settings command. The -signatureAutoUpdate parameter enables or disables auto-updating of the signatures, and -signatureUrl configures the URL that hosts the updated signatures file.
When using the NetScaler GUI, you configure Reset Learned Data in Security > NetScaler Web App Firewall > Engine Settings. The Reset Learned Data option is at the bottom of the dialog box. You configure Signatures Auto-Update for each set of signatures in Security > NetScaler Web App Firewall > Signatures, by selecting the signatures file, clicking the right mouse button, and selecting Auto Update Settings.
Normally, the default values for the Web App Firewall settings are correct. If the default settings cause a conflict with other servers or cause premature disconnection of your users, however, you have to modify them.
The Web App Firewall session limit is configurable using the following command:
> set appfw settings -sessionLimit 500000
Done
Default value: 100000. Max value: 500000 per PE.
To configure engine settings by using the command line interface
At the command prompt, type the following commands:
set appfw settings [-sessionCookieName <name>] [-sessionTimeout <positiveInteger>] [-sessionLifetime <positiveInteger>] [-clientIPLoggingHeader <headerName>] [-undefaction <profileName>] [-defaultProfile <profileName>] [-importSizeLimit <positiveInteger>] [-logMalformedReq ( ON | OFF )] [-signatureAutoUpdate ( ON | OFF )] [-signatureUrl <expression>] [-cookiePostEncryptPrefix <string>] [-entityDecoding ( ON | OFF )] [-useConfigurableSecretKey ( ON | OFF )] [-learnRateLimit <positiveInteger>] [-proxyServer <proxy server ip>] [-proxyPort <proxy server port>] [-proxyUsername <username>] [-proxyPassword <password>]
save ns config
Example
set appfw settings -sessionCookieName citrix-appfw-id -sessionTimeout 3600
-sessionLifetime 14400 -clientIPLoggingHeader NS-AppFW-Client-IP -undefaction APPFW_RESET
-defaultProfile APPFW_RESET -importSizeLimit 4096 -proxyServer 10.102.30.112 -proxyPort 3128 -proxyUsername defaultusername -proxyPassword defaultpassword
save ns config
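As an added example (not NetScaler tooling and not part of the original documentation), the following Python script checks a set appfw settings command against the constraints stated on this page: the documented parameter names, the rule that the session lifetime cannot be less than the session timeout, the 500000 session limit, and the placeholder proxy credentials used in the example above. The audit function, its finding messages, and the CONSTRUCTED_BAD command are assumptions made for illustration, and the parser assumes every parameter takes exactly one value.

```python
import shlex

# Parameter names from the syntax line and the -sessionLimit example on this page.
KNOWN = {p.lower() for p in (
    "sessionCookieName sessionTimeout sessionLifetime clientIPLoggingHeader "
    "undefaction defaultProfile importSizeLimit logMalformedReq "
    "signatureAutoUpdate signatureUrl cookiePostEncryptPrefix entityDecoding "
    "useConfigurableSecretKey learnRateLimit proxyServer proxyPort "
    "proxyUsername proxyPassword sessionLimit").split()}
SESSION_LIMIT_MAX = 500000  # per PE, as stated on this page

# The page's own example, and a constructed command that breaks the stated rules.
PAGE_EXAMPLE = """set appfw settings -sessionCookieName citrix-appfw-id -sessionTimeout 3600
-sessionLifetime 14400 -clientIPLoggingHeader NS-AppFW-Client-IP -undefaction APPFW_RESET
-defaultProfile APPFW_RESET -importSizeLimit 4096 -proxyServer 10.102.30.112
-proxyPort 3128 -proxyUsername defaultusername -proxyPassword defaultpassword"""
CONSTRUCTED_BAD = ("set appfw settings -sessionTimeout 3600 -sessionLifetime 900 "
                   "-sessionLimit 600000 \u2013proxyServer 10.102.30.112")

def audit(command):
    """Return findings for one 'set appfw settings' command (hypothetical helper)."""
    tokens = shlex.split(command)
    if [t.lower() for t in tokens[:3]] != ["set", "appfw", "settings"]:
        raise ValueError("not a 'set appfw settings' command")
    s, findings, rest = {}, [], tokens[3:]
    # Walk the arguments as (parameter, value) pairs; pad if the last value is missing.
    for flag, value in zip(rest[0::2], rest[1::2] + [None]):
        if flag[:1] in ("\u2013", "\u2014"):
            findings.append(f"{flag}: typographic dash instead of '-'")
        elif not flag.startswith("-") or flag[1:].lower() not in KNOWN:
            findings.append(f"{flag}: not in the documented syntax")
        elif value is None:
            findings.append(f"{flag}: missing value")
        else:
            s[flag[1:].lower()] = value
    lifetime, timeout = s.get("sessionlifetime"), s.get("sessiontimeout")
    if lifetime is not None and int(lifetime) == 0:
        findings.append("sessionLifetime 0: no maximum session lifetime")
    elif lifetime is not None and timeout is not None and int(lifetime) < int(timeout):
        findings.append("sessionLifetime is less than sessionTimeout")
    if int(s.get("sessionlimit", 0)) > SESSION_LIMIT_MAX:
        findings.append(f"sessionLimit exceeds {SESSION_LIMIT_MAX} per PE")
    if (s.get("proxyusername"), s.get("proxypassword")) == ("defaultusername", "defaultpassword"):
        findings.append("proxy credentials are the documentation's placeholder values")
    return findings

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, CONSTRUCTED_BAD):
        print(audit(cmd))
```

The lifetime and timeout are compared only when both appear in the same command, because the appliance's current values are not visible to the script.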
To configure engine settings by using the NetScaler GUI
- Navigate to Security > NetScaler Web App Firewall.
- In the details pane, click Change Engine Settings under Settings.
- In the Web App Firewall Engine Settings dialog box, set the following parameters:
  - Cookie Name
  - Session Timeout
  - Cookie Post Encrypt Prefix
  - Maximum Session Lifetime
  - Logging Header Name
  - Undefined Profile
  - Default Profile
  - Import Size Limit
  - Learn Messages Rate Limit
  - Proxy Server
  - Proxy Port
  - Proxy Username
  - Proxy Password
  - Entity Decoding
  - Log Malformed Request
  - Use Secret Key
  - Signatures Auto Update
- Click OK.