appfwsettings
Configuration for AS settings resource.
Properties
(click to see Operations)
| Name | Data Type | Permissions | Description |
|---|---|---|---|
| defaultprofile | <String> | Read-write | Profile to use when a connection does not match any policy. Default setting is APPFW_BYPASS, which sends unmatched connections back to the NetScaler appliance without attempting to filter them further.<br>Default value: APPFW_BYPASS<br>Minimum length = 1 |
| undefaction | <String> | Read-write | Profile to use when an application firewall policy evaluates to undefined (UNDEF). An UNDEF event indicates an internal error condition. The APPFW_BLOCK built-in profile is the default setting. You can specify a different built-in or user-created profile as the UNDEF profile.<br>Default value: APPFW_BLOCK<br>Minimum length = 1 |
| sessiontimeout | <Double> | Read-write | Timeout, in seconds, after which a user session is terminated. Before continuing to use the protected web site, the user must establish a new session by opening a designated start URL.<br>Default value: 900<br>Minimum value = 1<br>Maximum value = 65535 |
| learnratelimit | <Double> | Read-write | Maximum number of connections per second that the application firewall learning engine examines to generate new relaxations for learning-enabled security checks. The application firewall drops any connections above this limit from the list of connections used by the learning engine.<br>Default value: 400<br>Minimum value = 1<br>Maximum value = 1000 |
| sessionlifetime | <Double> | Read-write | Maximum amount of time (in seconds) that the application firewall allows a user session to remain active, regardless of user activity. After this time, the user session is terminated. Before continuing to use the protected web site, the user must establish a new session by opening a designated start URL.<br>Default value: 0<br>Minimum value = 0<br>Maximum value = 2147483647 |
| sessioncookiename | <String> | Read-write | Name of the session cookie that the application firewall uses to track user sessions. Must begin with a letter or number, and can consist of from 1 to 31 letters, numbers, and the hyphen (-) and underscore (_) symbols. The following requirement applies only to the NetScaler CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cookie name" or my cookie name).<br>Minimum length = 1 |
| clientiploggingheader | <String> | Read-write | Name of an HTTP header that contains the IP address that the client used to connect to the protected web site or service. |
| importsizelimit | <Double> | Read-write | Cumulative total maximum number of bytes in web forms imported to a protected web site. If a user attempts to upload files with a total byte count higher than the specified limit, the application firewall blocks the request.<br>Default value: 134217728<br>Minimum value = 1<br>Maximum value = 134217728 |
| signatureautoupdate | <String> | Read-write | Flag used to enable/disable auto update signatures.<br>Default value: OFF<br>Possible values = ON, OFF |
| signatureurl | <String> | Read-write | URL to download the mapping file from server.<br>Default value: https://s3.amazonaws.com/NSAppFwSignatures/SignaturesMapping.xml |
| cookiepostencryptprefix | <String> | Read-write | String that is prepended to all encrypted cookie values.<br>Minimum length = 1 |
| logmalformedreq | <String> | Read-write | Log requests that are so malformed that application firewall parsing doesnt occur.<br>Default value: ON<br>Possible values = ON, OFF |
| ceflogging | <String> | Read-write | Enable CEF format logs.<br>Default value: OFF<br>Possible values = ON, OFF |
| entitydecoding | <String> | Read-write | Transform multibyte (double- or half-width) characters to single width characters.<br>Default value: OFF<br>Possible values = ON, OFF |
| useconfigurablesecretkey | <String> | Read-write | Use configurable secret key in AppFw operations.<br>Default value: OFF<br>Possible values = ON, OFF |
Operations
(click to see Properties)
Some options that you can use for each operations:
Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:
http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".
Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER:<username>
X-NITRO-PASS:<password>
Note: In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Note:
Mandatory parameters are marked in red and placeholder content is marked in <green>.
update
URL: http://<NSIP>/nitro/v1/config/
HTTP Method: PUT
Request Payload:
{ "params": { "warning":<String_value>, "onerror":<String_value>" }, sessionid":"##sessionid", "appfwsettings":{ "defaultprofile":<String_value>, "undefaction":<String_value>, "sessiontimeout":<Double_value>, "learnratelimit":<Double_value>, "sessionlifetime":<Double_value>, "sessioncookiename":<String_value>, "clientiploggingheader":<String_value>, "importsizelimit":<Double_value>, "signatureautoupdate":<String_value>, "signatureurl":<String_value>, "cookiepostencryptprefix":<String_value>, "logmalformedreq":<String_value>, "ceflogging":<String_value>, "entitydecoding":<String_value>, "useconfigurablesecretkey":<String_value>, }}
Response Payload:
{ "errorcode": 0, "message": "Done", "severity":
unset
URL: http://<NSIP>/nitro/v1/config/
HTTP Method: POST
Request Payload:
object={
"params":{
"warning":<String_value>,
"onerror":<String_value>,
"action":"unset"
},
"sessionid":"##sessionid",
"appfwsettings":{
"defaultprofile":true,
"undefaction":true,
"sessiontimeout":true,
"learnratelimit":true,
"sessionlifetime":true,
"sessioncookiename":true,
"clientiploggingheader":true,
"importsizelimit":true,
"signatureautoupdate":true,
"signatureurl":true,
"cookiepostencryptprefix":true,
"logmalformedreq":true,
"ceflogging":true,
"entitydecoding":true,
"useconfigurablesecretkey":true,
}}
Response Payload:
{ "errorcode": 0, "message": "Done", "severity":
get (all)
URL: http://<NSIP>/nitro/v1/config/appfwsettings
HTTP Method: GET
Response Payload:
{ "errorcode": 0, "message": "Done", "severity": <String_value>, "appfwsettings": [ { "defaultprofile":<String_value>, "undefaction":<String_value>, "sessiontimeout":<Double_value>, "learnratelimit":<Double_value>, "sessionlifetime":<Double_value>, "sessioncookiename":<String_value>, "clientiploggingheader":<String_value>, "importsizelimit":<Double_value>, "signatureautoupdate":<String_value>, "signatureurl":<String_value>, "cookiepostencryptprefix":<String_value>, "logmalformedreq":<String_value>, "ceflogging":<String_value>, "entitydecoding":<String_value>, "useconfigurablesecretkey":<String_value> }]}