Dears, We moved recently to Citrix Web Application Firewall. We want to protect our websites using citrix WAF. we conducted VA and get the following vulnerability:   Cloud Metadata Potentially Exposed   Anyone can help how to deal with this vulnerability on citrix WAF.  ..read more

HI   Can anyone help me out, I have Cookie Consistency selected for Logs Stats and learning,  When opening a new tab on the browser for Sharepoint the attached image comes up randomly, when you refresh, the correct page displays,   Turning off all checks for CookieConsistency, everything displays correctly.   No errors on the logs, only thing i see come up is "Request has duplicate cookie  <not blocked>"   Thanks in Advance ..read more

what steps on gui can configure netscaler for basic waf (best practice) or at least learn mode ..read more

Hi team Do you know " how do you collect full body log WAF on Citrix ADC" I tried on Audit Message Action. But I don't know writen Expression collect full Body log?   Please help Thanks Hung Hoang ..read more

Dear sir/madam,   Good evening,   we are using ADC version 13.0 build 89.7. Now we can see our learning rules are 184 and relaxation rules are 2000.and our database is not learning traffic when we enabled learning mode.AS per citrix engineer the learning database has reached the limit. we restarted the learning process but no use.and now the citrix engineer guided as to reset the profile.And if we do reset the profile anything negative impact on the production???    And if we skipped one learning rule then,is waf will learn again that particular url ????   And we are g ..read more

Hi everyone, Anyone have faced an issue with WAF block file size over 100MB?  I have issued with FTP can't upload file size larger 100Mb after apply WAF. Pls anyone advise the solution. Thanks  ..read more

Dear sir,   we are using ADC WAF  13.0 build 89.7. we are getting content type,csrf tag, field consistency,field format,sql,start url, multiple header,invalid RFC,cookie Hijack,command injection violations.when we tried to enable start url block option the web page is getting struck.and if  we enabled  remaining block options the application not performing their functions.and now learning is enabled in waf for the above violations. could you please any one help me to solve this  issue???   Thanks & Regards, Raj ..read more

Hi,   Does someone has the same issue like me that after updating ADC to release 13.1. 42.47 the Search option of WAF signature does not work anymore?    Regards, Hemant ..read more

Hello,   i want to write a relaxation rule for html sql injection grammar based. But my relaxation is not working. The adm log shows    So my relaxation rule is configured so    But its not working. I also tried as value expression .* but this also won't work.   Any ideas, why ..read more

Hello, we use our WAF in ADC Version 13.1 build 42. We see since some versions in adm that a Security Check violation of type "Invalid RFC" is detected. But it is not blocked.   Have someone any idea, where i can block unvalid rfc requests? In the profile settings of the waf profile, i configured RFC Profile check to APPFW_RFC_BLOCK ..read more