Scenario: A Citrix Engineer configures Citrix Web App Firewall to protect an application. Upon reviewing the log files, the engineer notices a pattern of forceful browsing toward the configuration page for the application. To protect against this, the engineer enforces Start URL and enables Enforce URL Closure.
What is the effect of enforcing Start URL and enabling Enforce URL Closure on the application?
When enforcing Start URL and enabling Enforce URL Closure, users can access specific pages by clicking a link from another page within the website. This helps prevent forceful browsing directly to sensitive pages like /config.aspx. Therefore, access to the path /config.aspx is unblocked when a user clicks a referring link elsewhere on the website.
i agree, it's A https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/url-protections/starturl-check.html Enforce URL Closure. Allow users to access any web page on your website by clicking a hyperlink on any other page on your website.
it should be A
A. Access to the path /config.aspx is unblocked when a user clicks a referring link elsewhere on the website. This is because Enforce URL Closure allows users to access any webpage on the website by clicking a hyperlink on any other page on the website, as long as the URL is configured as a Start URL. If /config.aspx is a Start URL and the user navigates there by clicking a link within the site, they will be allowed access. If it is not a Start URL, even navigating there by clicking a link within the site would be blocked.
A: Access to the URL is blocked (D) when browsing forcefully. But, if you click on a link from a valid web page, access is allowed (A).
D and A are both correct, I think
Agree, it's A