Create WAF and BOT profiles using StyleBook 编辑
Create WAF and BOT profiles using StyleBook
When you can select a policy to an API resource in API Gateway, it allows you to define the traffic selection criteria to authenticate an API request. Also, it allows you to configure API security policies to the API traffic. For more information, see Manage API gateway.
You can configure WAF and BOT policies to an API resource. Before you configure a policy, ensure to create its profile in Citrix ADM. Use the following default StyleBooks to create a profile:
API WAF Detection StyleBook
API BOT Detection StyleBook
Create a WAF profile using the StyleBook
Perform the following to create a WAF profile:
In Citrix ADM, navigate to Applications > Configurations > StyleBooks. Search for the StyleBook by typing the name as
api-waf-profile
. Click Create Configuration.The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.
Specify values for the following parameters:
API WAF profile name - A name to identify a WAF profile.
Application Type - Add application types to the profile. The WAF profile supports JSON and XML application types.
Optional, enable Security Settings to specify HTTP, JSON, or XML protection checks. You can also specify an Error URL to the Citrix Web App Firewall. For more information, see Creating Web App Firewall profile.
Select the target Citrix ADC instance or instance group on which you want to deploy this configuration.
Click Create.
To configure a WAF policy, see Add policies to an API deployment.
Create a BOT profile using the StyleBook
Perform the following to create a BOT profile:
In Citrix ADM, navigate to Applications > Configurations > StyleBooks. Search for the StyleBook by typing the name as
api-bot-profile
. Click Create Configuration.The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.
In BOT Profile Name, specify a name to identify a BOT profile.
Optional, enable the following options based on your requirements:
Enable IP reputation check - This option identifies the IP address that is sending unwanted requests. You can use the IP reputation list to preemptively reject requests that are coming from the IP with the bad reputation.
Enable BOT Signatures - Specify the BOT signature name. It blocks the requests from the specified signature.
Allow List - Specify IPv4 or subnet (CIDR) address. This option enables the BOT profile to bypass requests from the specified IPv4 or subnet address.
Deny List - Specify IPv4 or subnet (CIDR) address. This option enables the BOT profile to block requests from the specified IPv4 or subnet address.
Select the target Citrix ADC instance or instance group on which you want to deploy this configuration.
Click Create.
To configure a BOT policy, see Add policies to an API deployment.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论