ADC

Adding or removing a signature object

You can add a new signature object to the Web App Firewall by:

  • Copying a built-in template.
  • Copying an existing signatures object.
  • Importing a signatures object from an external file.

The signature file includes CPU usage, latest applicable year, and severity level details. You can see the CPU usage, latest year, and CVE severity level every time a signature file is modified and uploaded periodically. After observing these values, you can decide to enable or disable the signature on the appliance.

You must use the GUI to copy a template or existing signatures object. You can use either the GUI or the command line to import a signatures object. You can also use either the GUI or the command line to remove a signatures object.

To create a signatures object from a template

  1. Navigate to Security > Citrix Web App Firewall > Signatures.

  2. In the details pane, select the signatures object that you want to use as a template.

    Your choices are:

    • Default Signatures. Contains the signatures rules, the SQL injection rules, and the cross-site scripting rules.
    • XPath Injection. Contains the XPath injection patterns.
    • Any existing signatures object.

    Attention:

    If you do not choose a signatures type to use as a template, the Web App Firewall prompts you to create signatures from scratch.

  3. Click Add.

  4. In the Add Signatures Object dialog box, type a name for your new signatures object, and then click OK. The name can begin with a letter, number, or the underscore symbol, and can consist of from one to 31 letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), and underscore (_) symbols.

  5. Click Close.

To create a signatures object by importing a file

  1. Navigate to Security > Citrix Web App Firewall > Signatures.
  2. In the details pane, click Add.
  3. In the Add Signatures Object dialog box, select the format of the signatures you want to import.
    • To import a Citrix ADC format signatures file, select the Native Format tab.
    • To import an external signatures format file, select the External Format tab.
  4. Choose the file that you want to use to create your signatures object.
    • To import a native Citrix ADC format signatures file, in the Import section select either Import from Local File or Import from URL, then type or browse to the path or URL to the file.
    • To import a Cenzic, IBM AppScan, Qualys, or Whitehat format file, in the XSLT section select Use Built-in XSLT File, Use Local File, or Reference from URL. Next, if you chose Use Built-in XSLT File, select the appropriate file format from the list. If you chose Use Local File or Reference from URL, then type or browse to the path or URL to the file.
  5. Click Add, and then click Close.

To create a signatures object by importing a file by using the command line

At the command prompt, type the following commands:

  • import appfw signatures <src> <name> [-xslt <string>] [-comment <string>] [-overwrite] [-merge] [-sha1 <string>]
  • save ns config

Example #1

The following example creates a signatures object from a file named signatures.xml and assigns it the name MySignatures.

import appfw signatures local:signatures.xml MySignatures
save ns config
<!--NeedCopy-->

To remove a signatures object by using the GUI

  1. Navigate to Security > Citrix Web App Firewall > Signatures.
  2. In the details pane, select the signatures object that you want to remove.
  3. Click Remove.

To remove a signatures object by using the command line

At the command prompt, type the following commands:

  • rm appfw signatures <name>
  • save ns config
Adding or removing a signature object