“Flexi” for short of flexibility– been in “Down Under” all week so some of the expressions rubbing off 😉
In any case, there are a couple of articles been posted for some time now but I wanted to highlight here because of the flexibility that Application Firewall (AppFW) has depending what the customers are looking for.
For example, a customer can decide to set AppFW policy in place by allowing specific content types in an HTTP request so it does not have to go through AppFW processing.
Procedure to configure this setup can be found in the following Knowledge base article – CTX138859
From NetScaler default perspective, it processes HTTP requests with the following content types:
User can configure the Application Firewall to allow some content types to the backend sever without processing and block the remaining content types. Some hackers that do not send content-type in the requests, this can help in granular AppFW policies whenever needed. Some of these types can be found here.
Another adaptable use case is for excluding Response Content Type from inspection for Safe objects and credit cards. CTX138857
At NetScaler default configuration, content types such as image, video, audio, pdf, and postscript are excluded from inspection for Safe Objects and Credit Cards. User is allowed to add, remove, or disable response content types as required. An example of this use case is when certain image is constantly there and customer want to bypass the thorough AppFW inspection then this is definitely worthwhile to do.
Stay tuned for more flexible features to share on NetScaler.