HTTP changes that occur when using AppFirewall

AppFirewall needs to modify packets in order to detect any sort of tampering. In addition to this, enabling certain protections requires AppFirewall to drop parts of the Server response (such as credit cards and other sensitive data) or alternatively transform them (such as keywords) so that special characters are rendered harmless. In this section, let's examine these changes:

  • One of the first changes you will notice if using features that require sessionization is that AppFirewall adds session cookies to the application's own cookies.
    HTTP changes that occur when using AppFirewall

    AppFirewall Session Cookie when using Advanced Profiles

  • When Advanced Protections are enabled, AppFirewall also removes caching headers so that instead of a conditional response, a full response is received. This is needed to allow AppFirewall to understand the context of the data being exchanged and drop the response if needed. This does however mean that you will see more requests to the backend servers when using Advanced Protections.

    Note

    Note that images are exempt from this behavior.

  • When forwarding the Server's response back to the client, the Content Length header is dropped. Instead a new Transfer-Encoding: chunked header is added. This is a process called chunking, and indicates to the client that the exact size of the response is not known in advance. This step is necessary because the AppFirewall might have to introduce changes of its own to the response (such as drop sensitive data in the response), thereby impacting the size of the response. In such cases, the end of data is indicated by a zero-sized chunk:
    HTTP changes that occur when using AppFirewall

    Note

    Citrix article CTX131488 is an excellent source for more on this topic; I highly encourage reading it as it is quite comprehensive in explaining the packet changes involved.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.69.192