Scenario: A Citrix Engineer is notified that no traffic is reaching the protected web application. While investigating, the engineer notices that the Citrix Web App Firewall policy has 516,723 hits.
What should the engineer check next?
Given the scenario where the Citrix Web App Firewall policy has recorded a substantial number of hits, the next logical step is to check the security checks in the assigned profile. This is because the policy expression determines whether the request should be processed by the Web App Firewall, and a high number of hits indicates that requests are indeed being processed. The security checks in the assigned profile will determine if any of those checks are causing legitimate traffic to be blocked, which aligns with the observed issue of no traffic reaching the protected web application.
B.......
A. The policy expression. The engineer should check the policy expression to ensure that it is correctly written and not inadvertently blocking all traffic. A high number of hits on the policy could indicate that the expression is too broad or incorrectly configured, leading to legitimate traffic being blocked. It is essential to ensure the policy expression accurately reflects the traffic that should be allowed or blocked.
Policy expressions don't block traffic; they determine whether the policy matches the connection attempt.
Exactly. If there are hits that means expression matches the requests, hence it is processed further by WAF, so you should look into security checks next.
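The thread's conclusion is that policy hits mean the expression matches, so the profile's security checks are what to inspect next. As an added example that is not part of the original discussion, the script below tallies App Firewall violation records per profile and security check to show which checks are actually blocking. It assumes CEF-format App Firewall logging; the sample lines, profile name, messages and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample records in the CEF layout (assumption: CEF logging enabled).
SAMPLE_LOG = """\
Jun 12 10:01:02 <local0.info> 192.0.2.10 CEF:0|Citrix|NetScaler|NS13.0|APPFW|APPFW_STARTURL|6|src=198.51.100.7 spt=51544 method=GET request=http://app.example.test/ msg=Disallow Illegal URL. cn1=101 cn2=55 cs1=prof_web cs2=PPE0 cs3=s1 cs4=ALERT cs5=2024 act=blocked
Jun 12 10:01:03 <local0.info> 192.0.2.10 CEF:0|Citrix|NetScaler|NS13.0|APPFW|APPFW_STARTURL|6|src=198.51.100.8 spt=51545 method=GET request=http://app.example.test/home?tab=1 msg=Disallow Illegal URL. cn1=102 cn2=56 cs1=prof_web cs2=PPE0 cs3=s2 cs4=ALERT cs5=2024 act=blocked
Jun 12 10:01:04 <local0.info> 192.0.2.10 CEF:0|Citrix|NetScaler|NS13.0|APPFW|APPFW_STARTURL|6|src=198.51.100.9 spt=51546 method=GET request=http://app.example.test/login msg=Disallow Illegal URL. cn1=103 cn2=57 cs1=prof_web cs2=PPE1 cs3=s3 cs4=ALERT cs5=2024 act=blocked
Jun 12 10:01:05 <local0.info> 192.0.2.10 CEF:0|Citrix|NetScaler|NS13.0|APPFW|APPFW_XSS|6|src=198.51.100.9 spt=51547 method=POST request=http://app.example.test/form msg=constructed XSS message cn1=104 cn2=58 cs1=prof_web cs2=PPE1 cs3=s3 cs4=ALERT cs5=2024 act=blocked
Jun 12 10:01:06 <local0.info> 192.0.2.10 CEF:0|Citrix|NetScaler|NS13.0|APPFW|APPFW_SQL|6|src=198.51.100.7 spt=51548 method=GET request=http://app.example.test/q?id=1 msg=constructed SQL message cn1=105 cn2=59 cs1=prof_web cs2=PPE0 cs3=s1 cs4=ALERT cs5=2024 act=not blocked
Jun 12 10:01:09 <local0.info> 192.0.2.10 unrelated syslog line (constructed)
"""

# Header gives the security check; cs1 is the profile; act is the last field
# and may contain a space ("not blocked").
LINE_RE = re.compile(
    r"CEF:\d+\|Citrix\|NetScaler\|[^|]*\|APPFW\|(?P<check>[^|]+)\|\d+\|"
    r".*?\scs1=(?P<profile>\S+)\s.*\sact=(?P<action>.+?)\s*$"
)

def tally(log_text):
    """Count records per (profile, security check, action); skip other lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[(m["profile"], m["check"], m["action"])] += 1
    return counts

def blocking_checks(log_text):
    """Return (profile, check, count) for checks that blocked, busiest first."""
    rows = [(p, c, n) for (p, c, a), n in tally(log_text).items() if a == "blocked"]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for profile, check, n in blocking_checks(SAMPLE_LOG):
        print(f"{profile}: {check} blocked {n} request(s)")
```

A check that dominates the blocked count for the bound profile is the first one to review for an overly strict setting or missing relaxation.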