If you are a web developer or an IT administrator, the AppFirewall feature of NetScaler can give you sound sleep at night and spare you from re-implementing the same security checks within each application. By default, Application Firewall provides the following security features:

  • Start URL check. Examines the URLs to which incoming requests are directed, and blocks connections to URLs that are not listed in the Start URLs list, or that a user has not reached by navigating to them from listed start URLs.
  • Cookie Consistency check. Examines cookies returned with user requests to see that they match the cookies your web server set for that user. If a modified cookie is found, the cookie is stripped from the request before the request is forwarded to the web server.
  • Form Field Consistency check. Examines the structure of the web forms returned by users to your web server, and verifies that the structure of the web form and any default data are unchanged.
  • Buffer Overflow check. Examines requests to detect attempts to cause a buffer overflow on the web server.
  • Field Formats check. Examines the data a user returns using a web form on your web site and verifies that the data being returned for each field is valid for that field.
  • Deny URL check. Examines the URLs to which requests are directed, and blocks connections to all URLs specified in this list.
  • Cross-Site Scripting check. Examines requests and responses for scripts that attempt to access or modify content on a different web site than the web site where the script is located. When it finds such a script, it either renders the script harmless before forwarding it to its destination, or blocks the connection.
  • SQL Injection check. Examines requests that contain form field data for attempts to inject SQL commands into a back-end SQL database, and when it detects injected SQL code, either renders the injected SQL code harmless before forwarding it to the web server, or blocks the request.
  • Credit Card check. Examines web server responses, including headers, for credit card numbers. If it finds a credit card number in a response, it either removes the credit card number from the response before sending it, or blocks the response.
  • Safe Object check. Allows you to create classes of protected content, such as social security numbers, and protects them in much the same manner as it does credit cards.
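The Credit Card check described above, as an added example that is not NetScaler's own code: a Python sketch of the same logic, which scans a raw HTTP response (headers and body) for digit runs that pass the Luhn checksum and then either masks them or blocks the response. The regex, the `mask`/`block` actions and the sample response are assumptions made for this illustration.

```python
import re

# Candidate: 13-19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card numbers found in text, as written."""
    return [m.group(0) for m in CARD_CANDIDATE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]

def mask_card(number: str) -> str:
    """Replace all but the last four digits with 'x', keeping separators."""
    total = sum(c.isdigit() for c in number)
    out, seen = [], 0
    for c in number:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - 4 else "x")
        else:
            out.append(c)
    return "".join(out)

def credit_card_check(response: str, action: str = "mask") -> tuple:
    """Apply the check to a raw HTTP response (headers and body).
    Returns (response_to_send, triggered). action is 'mask' or 'block'."""
    hits = find_card_numbers(response)
    if not hits:
        return response, False
    if action == "block":
        return "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n", True
    def _mask(m):
        return mask_card(m.group(0)) if m.group(0) in hits else m.group(0)
    return CARD_CANDIDATE.sub(_mask, response), True

# Constructed sample response: one Luhn-valid test number, one random 16-digit id.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   "<p>Card on file: 4111 1111 1111 1111</p>"
                   "<p>Order ref: 1234 5678 9012 3456</p>")
```

Note that any 16-digit value that happens to satisfy Luhn (roughly one in ten random ones) will also be masked, so a real deployment needs an allow-list or a narrower pattern for fields such as order numbers.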