appfw policy
The following operations can be performed on "appfw policy":
add | rm | set | unset | show | stat | rename
add appfw policy
Creates an application firewall policy.
Synopsis
add appfw policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]
Arguments
name
Name for the policy.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the policy is created.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').
rule
Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.
profileName
Name of the application firewall profile to use if the policy matches.
comment
Any comments to preserve information about the policy for later reference.
logAction
Where to log information for connections that match this policy.
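When add appfw policy commands are generated by a script, the naming rule and the quoting requirement above can be enforced before a command reaches the CLI. The following is an added example, not code from the NetScaler documentation; the function names are hypothetical, the sample values are constructed, and it assumes ASCII letters and digits and that profile names follow the same rule as policy names.

```python
import re

# Naming rule from the `name` argument: first character is a letter, digit or
# underscore; the rest may also include - . # space @ = :
# Assumption: "letters" and "numbers" mean ASCII.
_NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.#@=: -]*")


def is_valid_policy_name(name: str) -> bool:
    """Return True if `name` satisfies the documented naming rule."""
    return _NAME_RE.fullmatch(name) is not None


def quote_name(name: str) -> str:
    """Quote a validated name for the CLI; names with spaces need quotes."""
    if not is_valid_policy_name(name):
        raise ValueError(f"invalid name: {name!r}")
    return f'"{name}"' if " " in name else name


def quote_expression(expr: str) -> str:
    """Wrap a string in double quotes, escaping embedded double quotes."""
    # Control characters could smuggle a second command into a batch file.
    # Backslash handling is not described on the page, so backslashes are
    # rejected here rather than guessed at.
    if "\\" in expr or any(ord(c) < 0x20 or ord(c) == 0x7F for c in expr):
        raise ValueError("expression contains a backslash or control character")
    return '"' + expr.replace('"', '\\"') + '"'


def build_add_appfw_policy(name, rule, profile_name, comment=None):
    """Build: add appfw policy <name> <rule> <profileName> [-comment <string>]"""
    # Assumption: the profile name obeys the same naming rule as the policy name.
    parts = ["add appfw policy", quote_name(name),
             quote_expression(rule), quote_name(profile_name)]
    if comment is not None:
        parts += ["-comment", quote_expression(comment)]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample values.
    print(build_add_appfw_policy(
        "pol9", 'HTTP.REQ.HEADER("header").CONTAINS("qh2")', "my profile"))
```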
rm appfw policy
Removes an application firewall policy.
Synopsis
rm appfw policy <name>
Arguments
name
Name of the policy to remove.
set appfw policy
Modifies the specified parameters of an application firewall policy.
Synopsis
set appfw policy <name> [-rule <expression>] [-profileName <string>] [-comment <string>] [-logAction <string>]
Arguments
name
Name of the policy to modify.
rule
Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.
profileName
Name of the application firewall profile to use if the policy matches.
comment
Any comments to preserve information about the policy for later reference.
logAction
Where to log information for connections that match this policy.
Example
set appfw policy pol9 -rule "HTTP.REQ.HEADER(\"header\").CONTAINS(\"qh2\")"
unset appfw policy
Removes the settings of an existing application firewall policy. Attributes for which a default value is available revert to their default values. Refer to the set appfw policy command for the meanings of the arguments.
Synopsis
unset appfw policy <name> [-comment] [-logAction]
Example
unset appfw policy pol9 -logAction
show appfw policy
Displays the current settings for the specified application firewall policy. If no policy name is provided, displays a list of all application firewall policies currently configured on the NetScaler appliance.
Synopsis
show appfw policy [<name>]
Arguments
name
Name of the policy.
Outputs
stateflag
rule
Name of the NetScaler named rule, or a NetScaler default syntax expression, that the policy uses to determine whether to filter the connection through the application firewall with the designated profile.
profileName
Name of the application firewall profile to use if the policy matches.
hits
Number of hits.
piHits
Number of hits.
undefHits
Number of Undef hits.
gotoPriorityExpression
Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
labelType
Type of policy label invocation.
labelName
Name of the label to invoke if the current policy rule evaluates to TRUE.
comment
Any comments to preserve information about the policy for later reference.
logAction
Where to log information for connections that match this policy.
boundTo
The name of the entity to which the policy is bound.
activePolicy
Indicates whether policy is bound or not.
priority
Specifies the priority of the policy.
bindPolicyType
policyType
vserverType
devno
count
stat appfw policy
Displays statistics for the specified application firewall policy. If no application firewall policy is specified, displays abbreviated statistics for all application firewall policies.
Synopsis
stat appfw policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]
Arguments
name
Name of the application firewall policy.
detail
Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.
fullValues
Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated.
ntimes
The number of times, in intervals of seven seconds, the statistics should be displayed.
Default value: 1
Minimum value: 0
logFile
The name of the log file to be used as input.
clearstats
Clears the statistics and counters.
Possible values: basic, full
Outputs
count
devno
stateflag
Outputs
Policy hits (Hits)
Number of hits on the policy
Policy undef hits (Undefhits)
Number of undef hits on the policy
Example
stat appfw policy
rename appfw policy
Renames an application firewall policy.
Synopsis
rename appfw policy <name>@ <newName>@
Arguments
name
Existing name of the application firewall policy.
newName
New name for the policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').
Example
rename appfw policy oldname newname