Deny URL check 编辑

The Deny URL check examines and blocks connections to URLs that are commonly accessed by hackers and malicious code. This check contains a list of URLs that are common targets of hackers or malicious code and that rarely if ever appear in legitimate requests. You can also add URLs or URL patterns to the list. The Deny URL check prevents attacks against various security weaknesses known to exist in web server software or on many websites.

The Deny URL check takes priority over the Start URL check, and thus denies malicious connection attempts even when a Start URL relaxation would normally allow a request to proceed.

In the Modify Deny URL Check dialog box, on the General tab you can enable or disable the Block, Log, and Statistics actions.

If you use the command-line interface, you can enter the following command to configure the Deny URL Check:

set appfw profile <name> -denyURLAction [**block**] [**log**] [**stats**] [**none**]
<!--NeedCopy-->

You can create and configure your own deny URLs only in the Citrix ADC GUI.

1. Navigate to Security > Citrix Web App Firewall > Profiles.
2. Select a profile for which you want to add a deny URL and click Edit.
3. In the Citrix Web App Firewall Profile page, select Relaxation Rules from the Advanced Settings section.

4. Select Deny URL and click Edit.

   

5. In the Deny URL Rules page, click Add.

6. Specify the following details and click Create.

   • Deny URL - A regular expression to define a deny URL.
   • Comments - Description for the expression.
   • Resource ID - Unique ID to identify the deny URL rule.

   

7. Click Close.
8. In the Citrix Web App Firewall Profile page, click Done.

Following are examples of Deny URL expressions:

• Do not allow users to access the image server at images.example.com directly:

   ^http://images[.]example[.]com$
   <!--NeedCopy-->