This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Edit signatures to add or modify rules
You can edit the user-defined signatures to add or modify a rule. A local signature rule has the same attributes as a default signature rule from Citrix, and it functions in the same way. You enable or disable it, and configure the signature actions for it, just as you do for a default signature.
Add a local rule if you need to protect your websites and services from a known attack that the existing signatures do not match. For example, you might discover a new type of attack and determine its characteristics by examining the logs on your web server, or you might obtain third-party information about a new type of attack.
At the heart of a signature rule are the rule patterns, which collectively describe the characteristics of the attack that the rule is designed to match. Each pattern can consist of a simple string, a PCRE-format regular expression, or the built-in SQL injection or cross-site scripting patterns.
You might want to modify a signature rule by adding a new pattern or modifying an existing pattern to match an attack. For example, you might find out about changes to an attack, or you might determine a better pattern by examining the logs on your web server, or from third-party information.
Add or modify a local signature rule
-
Navigate to Security > NetScaler Web App Firewall > Signatures.
-
In the details pane, select the user-defined signatures that you want to edit, and then click Edit.
-
In the Signature Rules section, click Add. The Signature Rule pane appears.
-
Configure the actions for a signature by selecting the appropriate check boxes.
- Enabled. Enables the new signature rule. If you do not select this, this new signature rule is added to your configuration, but is inactive.
- Block. Blocks connections that violate this signature rule.
- Log. Logs violations of this signature rule to the NetScaler log.
- Stat. Includes violations of this signature rule in the statistics.
- Remove. Strips information that matches the signature rule from the response. (Applies only to response rules.)
- X-Out. Masks information that matches the signature rule with the letter X. (Applies only to response rules.)
- Allow Duplicates. Allows duplicates of this signature rule in this signatures object.
-
Choose a category for the new signature rule from the Category drop-down list.
If you want to create a category, click Add. For more information, see Add a signature rule category.
-
In the LogString text box, type a brief description of the signature rule to be used in the logs.
-
In the Comment text box, type a comment. (Optional)
-
Click More to modify the advanced options.
- To strip HTML comments before applying this signature rule, in the Strip Comments drop-down list choose All or Exclude Script Tag.
- To set CSRF Referrer Header checking, in the CSRF Referrer Header checking radio button array, select either the If Present or Always radio button.
- To manually modify the Rule ID assigned to this local signature rule, modify the number in the Rule ID text box. The ID must be a positive integer between 1000000 and 1999999 that has not already been assigned to a local signature rule.
- To assign a version number to the new signature rule, modify the number in the Version Number text box.
- To assign a Source ID, modify the string in the Source ID text box.
- To specify the source, choose Local or Snort from the Source drop-down list, or click the Add icon to the right of the list and add a new source.
- To assign a harm score to violations of this local signature rule, type a number between 1 and 10 in the Harm Score text box.
- To assign a severity rating to this local signature rule, in the Severity drop-down list choose High, Medium, or Low, or click the Add icon to the right of the list and add a new severity rating.
- To assign a violation type to this local signature rule, in the Type drop-down list choose Vulnerable or Warning, or click the Add icon to the right of the list and add a new violation type.
-
In Rule Patterns, click Add to add a pattern. You can also edit the existing patterns to do so click Edit.
For more information about adding or editing patterns, see Signature Rule Patterns.
-
Click OK.
Add a signature rule category
Putting signature rules into a category enables you to configure the actions for a group of signatures instead of for each individual signature. You might want to do so for the following reasons:
- Ease of selection. For example, assume that all of the signature rules in a particular group protect against attacks on a specific type of web server software or technology. If your protected websites use that software or technology, you want to enable them all. If they do not, you do not want to enable any of them.
- Ease of initial configuration. It is easiest to set defaults for a group of signatures as a category, instead of one-by-one. You can then make any changes to the individual signatures as needed.
- Ease of ongoing configuration. It is easier to configure signatures if you can display only those that meet specific criteria, such as belonging to a specific category.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.