I have noticed a distinct lack of discussion regarding the plethora of options within the App Firewall protections. Does anyone have any recommended or "best" practices they would care to share? I have reviewed the document Citrix has available (CTX121173) and most of the information is generic or extremely dated at this point. I realize there is no perfect set of rules that would apply to every single web site/application. To get things started here are some things I implement nearly all the time:
- A redirect error page with a generic "if you think you have received this message in error" message along with a mailto link. Most clients like this, but some prefer to give potential adversaries zero additional help.
- Enforcement of URL closure with the "validate referrer header if present" option selected.
- Cookie Consistency Check with the "transform" and "flags to add" options.
- Buffer Overflow with the boundaries set a little higher than the maximums observed during the learning phase.
I would love to hear what others are doing with this underutilized and very cool piece of Netscaler technology!
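The four practices listed above expressed as NetScaler CLI commands, as an added example that is not part of the original post: the profile, policy and virtual server names, the error page path and the length limits are placeholders, and the lines starting with `#` are commentary rather than CLI input.

```nscli
# Added example (not from the post). Names, paths and limits are placeholders;
# lines starting with '#' are commentary, not CLI input.

# 1. Profile with a generic error page (the "think you received this in error" page).
add appfw profile pr_webapp -defaults basic
set appfw profile pr_webapp -errorURL "/blocked.html"

# 2. URL closure, validating the Referer header only when one is present.
set appfw profile pr_webapp -startURLAction block log stats
set appfw profile pr_webapp -startURLClosure ON -refererHeaderCheck if_present

# 3. Cookie consistency with transforms on and HttpOnly/Secure flags added.
set appfw profile pr_webapp -cookieConsistencyAction block log stats
set appfw profile pr_webapp -cookieTransforms ON -addCookieFlags all

# 4. Buffer overflow limits set a little above the maximums seen during learning
#    (placeholder values; replace with your observed maximums plus headroom).
set appfw profile pr_webapp -bufferOverflowAction block log stats
set appfw profile pr_webapp -bufferOverflowMaxURLLength 2048 -bufferOverflowMaxHeaderLength 8192 -bufferOverflowMaxCookieLength 8192

# Bind the profile to the application's load-balancing virtual server.
add appfw policy pol_webapp true pr_webapp
bind lb vserver vs_webapp -policyName pol_webapp -priority 100 -type REQUEST

# Review the effective settings.
show appfw profile pr_webapp
```

Run the profile with the actions set to `log stats` (without `block`) first, so false positives against the learned URLs and cookies show up in the logs before blocking is switched on.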