Adding or removing a signature object

You can add a new signature object to the Web App Firewall by:

  • Copying a built-in template.
  • Copying an existing signatures object.
  • Importing a signatures object from an external file.

The signature file includes CPU usage, latest applicable year, and severity level details. The signature file is modified and uploaded periodically, and each time you can see the CPU usage, latest year, and CVE severity level. After observing these values, you can decide whether to enable or disable the signature on the appliance.

You must use the GUI to copy a template or existing signatures object. You can use either the GUI or the command line to import a signatures object. You can also use either the GUI or the command line to remove a signatures object.

To create a signatures object from a template

  1. Navigate to Security > NetScaler Web App Firewall > Signatures.

  2. In the details pane, select the signatures object that you want to use as a template.

    Your choices are:

    • Default Signatures. Contains the signatures rules, the SQL injection rules, and the cross-site scripting rules.
    • XPath Injection. Contains the XPath injection patterns.
    • Any existing signatures object.

    Attention:

    If you do not choose a signatures type to use as a template, the Web App Firewall prompts you to create signatures from scratch.

  3. Click Add.

  4. In the Add Signatures Object dialog box, type a name for your new signatures object, and then click OK. The name can begin with a letter, number, or the underscore symbol, and can consist of one to 31 letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), and underscore (_) symbols.

  5. Click Close.

To create a signatures object by importing a file

  1. Navigate to Security > NetScaler Web App Firewall > Signatures.
  2. In the details pane, click Add.
  3. In the Add Signatures Object dialog box, select the format of the signatures you want to import.
    • To import a NetScaler format signatures file, select the Native Format tab.
    • To import an external signatures format file, select the External Format tab.
  4. Choose the file that you want to use to create your signatures object.
    • To import a native NetScaler format signatures file, in the Import section select either Import from Local File or Import from URL, then type or browse to the path or URL to the file.
    • To import a Cenzic, IBM AppScan, Qualys, or Whitehat format file, in the XSLT section select Use Built-in XSLT File, Use Local File, or Reference from URL. Next, if you chose Use Built-in XSLT File, select the appropriate file format from the list. If you chose Use Local File or Reference from URL, then type or browse to the path or URL to the file.
  5. Click Add, and then click Close.

To create a signatures object by importing a file by using the command line

At the command prompt, type the following commands:

  • import appfw signatures <src> <name> [-xslt <string>] [-comment <string>] [-overwrite] [-merge] [-sha1 <string>]
  • save ns config

Example #1

The following example creates a signatures object from a file named signatures.xml and assigns it the name MySignatures.

import appfw signatures local:signatures.xml MySignatures
save ns config

To add individual signatures by using the CLI

You can select signatures by their IDs or category and then set actions. At the command prompt, run the following command:

import appfw signature <source> <name> [-sigRuleId| -sigCategory] [Rule-IDs | Category name] -Enabled [ON | OFF] [-Action LOG BLOCK]
  • Examples that use signature IDs

    The following example enables the signatures by their rule IDs and sets the log and block actions:

     import appfw signature DEFAULT object_name -sigRuleId 1001 9882 2000 1250 810 -Enabled ON -Action LOG BLOCK

    The following example adds the signature by its ID without enabling it:

     import appfw signature DEFAULT object_name -sigRuleId 810 -Enabled OFF
  • Examples that use a signature category

    The following example enables the signatures by the web-misc category and sets the log and block actions:

     import appfw signature DEFAULT object_name -sigCategory web-misc -Enabled ON -Action LOG BLOCK

    The following example adds the signatures by the web-misc category without enabling them:

     import appfw signature DEFAULT object_name -sigCategory web-misc -Enabled OFF
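
As an added example (not NetScaler's own code): a small Python helper for change automation that checks a signatures object name against the naming rule stated earlier and renders the import appfw signature command in the form shown above, rejecting any input that does not fit. The function names, the reading of the rule as 31 characters in total, the token pattern for sources and categories, and the quoting of names that contain a space are assumptions of this example.

```python
import re

# Naming rule from step 4 of the template procedure: starts with a letter,
# number or underscore; 1 to 31 characters in total (this example's reading);
# later characters may also be hyphen, period, pound, space, at or equals.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.#@= -]{0,30}")
# Assumption: sources and categories are plain tokens such as DEFAULT,
# local:signatures.xml or web-misc, with no spaces or command separators.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.:/-]+")
ACTIONS = ("LOG", "BLOCK")  # the two actions shown on this page


def valid_name(name):
    """True if name satisfies the documented naming rule.

    fullmatch() is used so a trailing newline or extra command text fails.
    """
    return NAME_RE.fullmatch(name) is not None


def build_import(source, name, rule_ids=None, category=None,
                 enabled=False, actions=()):
    """Render one 'import appfw signature' line from validated inputs."""
    if not TOKEN_RE.fullmatch(source):
        raise ValueError(f"invalid source: {source!r}")
    if not valid_name(name):
        raise ValueError(f"invalid signatures object name: {name!r}")
    if (rule_ids is None) == (category is None):
        raise ValueError("give exactly one of rule_ids or category")
    if rule_ids is not None:
        if not rule_ids or any(type(i) is not int or i <= 0 for i in rule_ids):
            raise ValueError("rule IDs must be positive integers")
        selector = "-sigRuleId " + " ".join(str(i) for i in rule_ids)
    else:
        if not TOKEN_RE.fullmatch(category):
            raise ValueError(f"invalid category: {category!r}")
        selector = f"-sigCategory {category}"
    if any(a not in ACTIONS for a in actions):
        raise ValueError(f"actions must be drawn from {ACTIONS}")
    # Assumption: the CLI expects quotation marks around a name with a space.
    shown = f'"{name}"' if " " in name else name
    line = (f"import appfw signature {source} {shown} {selector} "
            f"-Enabled {'ON' if enabled else 'OFF'}")
    if actions:
        line += " -Action " + " ".join(actions)
    return line
```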

To remove a signatures object by using the GUI

  1. Navigate to Security > NetScaler Web App Firewall > Signatures.
  2. In the details pane, select the signatures object that you want to remove.
  3. Click Remove.

To remove a signatures object by using the command line

At the command prompt, type the following commands:

  • rm appfw signatures <name>
  • save ns config