Application Firewall and JSON Inspection

Recently I noticed that NetScaler Application Firewall, deployed in front of a deliberately vulnerable web application (OWASP Juice Shop), did not block SQL injection (SQLi) or cross-site scripting (XSS), even though both security checks were set to Block in the firewall profile. The cause turned out to be that AppFirewall does not inspect JSON content by default.

So as long as my HTTP request carried a JSON Content-Type (which is what Juice Shop's REST API uses), I could bypass the security checks entirely and send SQLi payloads straight to the vulnerable app.

Note: This post assumes a basic understanding of Application Firewall on NetScaler.

To make AppFirewall on NetScaler inspect JSON content, do the following:

Register and manage JSON Content Type

AppFirewall only parses and checks request bodies whose Content-Type it recognizes, so application/json has to be registered as a JSON content type before any SQLi or XSS check can see inside a JSON body.

NS CLI: (screenshot of the commands not reproduced here)

Customize Signature Rule

Configure the signature rule as follows:

(Screenshot: signature rule configuration)

Attach Signature to AppFirewall Profile

Bind the customized signatures object to the AppFirewall profile and make sure "Check Request Headers" is enabled, as follows:

(Screenshot: AppFW profile settings)
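The same steps expressed on the NetScaler CLI, as an added example that is not from the original post or from Citrix. The profile name juiceshop_prof and the signatures object name juiceshop_sigs are assumptions; lines starting with # are annotations, not commands. The signature-rule edit itself is done in the GUI signature editor as the post shows and has no CLI form here.

```text
# 1. Which Content-Type values does AppFirewall currently treat as JSON?
#    If application/json is not listed, JSON bodies are passed through
#    without the SQLi/XSS checks ever being applied to them.
> show appfw JSONContentType

# Register application/json. The regex is anchored; if clients append
# parameters (e.g. a charset) and requests still slip through, test a
# looser pattern such as "^application/json".
# Newer builds ship this entry by default; the add then fails with
# "Resource already exists", which is harmless.
> add appfw JSONContentType "^application/json$" -isRegex REGEX

# 2. Customize the signature rule in the GUI signature editor (see the
#    screenshot above), then make sure the signatures object is the one
#    bound to the profile below.

# 3. Bind the customized signatures object to the profile protecting
#    Juice Shop and enable request-header inspection, which the post
#    requires for the rule to fire.
> set appfw profile juiceshop_prof -signatures juiceshop_sigs
> set appfw profile juiceshop_prof -checkRequestHeaders ON

# Keep the built-in SQLi and XSS checks in block mode as well. This is the
# setting the post already had, and on its own it was not enough for JSON.
> set appfw profile juiceshop_prof -SQLInjectionAction block log stats -crossSiteScriptingAction block log stats

# Verify and persist.
> show appfw profile juiceshop_prof
> save ns config
```

After applying this, re-send the JSON request that previously got through and confirm it is now blocked; with log enabled on the actions, the matching APPFW entries appear in /var/log/ns.log on the appliance.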

Citrix reference:

How to Protect JSON Applications by Using Application Firewall Signatures on NetScaler
