Download full document:

appfwprofile

Configuration for application firewall profile resource.

Properties

(click to see Operations)

NameData TypePermissionsDescription
name<String>Read-writeName for the profile. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').
Minimum length = 1
defaults<String>Read-writeDefault configuration to apply to the profile. Basic defaults are intended for standard content that requires little further configuration, such as static web site content. Advanced defaults are intended for specialized content that requires significant specialized configuration, such as heavily scripted or dynamic content.

CLI users: When adding an application firewall profile, you can set either the defaults or the type, but not both. To set both options, create the profile by using the add appfw profile command, and then use the set appfw profile command to configure the other option.
Possible values = basic, advanced
starturlaction<String[]>Read-writeOne or more Start URL actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -startURLaction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -startURLaction none".
Possible values = none, block, learn, log, stats
contenttypeaction<String[]>Read-writeOne or more Content-type actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -contentTypeaction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -contentTypeaction none".
Possible values = none, block, learn, log, stats
inspectcontenttypes<String[]>Read-writeOne or more InspectContentType lists.
* application/x-www-form-urlencoded
* multipart/form-data
* text/x-gwt-rpc

CLI users: To enable, type "set appfw profile -InspectContentTypes" followed by the content types to be inspected.
Possible values = none, application/x-www-form-urlencoded, multipart/form-data, text/x-gwt-rpc
starturlclosure<String>Read-writeToggle the state of Start URL Closure.
Default value: OFF
Possible values = ON, OFF
denyurlaction<String[]>Read-writeOne or more Deny URL actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

NOTE: The Deny URL check takes precedence over the Start URL check. If you enable blocking for the Deny URL check, the application firewall blocks any URL that is explicitly blocked by a Deny URL, even if the same URL would otherwise be allowed by the Start URL check.

CLI users: To enable one or more actions, type "set appfw profile -denyURLaction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -denyURLaction none".
Possible values = none, block, learn, log, stats
refererheadercheck<String>Read-writeEnable validation of Referer headers.
Referer validation ensures that a web form that a user sends to your web site originally came from your web site, not an outside attacker.
Although this parameter is part of the Start URL check, referer validation protects against cross-site request forgery (CSRF) attacks, not Start URL attacks.
Default value: OFF
Possible values = OFF, if_present, AlwaysExceptStartURLs, AlwaysExceptFirstRequest
cookieconsistencyaction<String[]>Read-writeOne or more Cookie Consistency actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -cookieConsistencyAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -cookieConsistencyAction none".
Default value: none
Possible values = none, block, learn, log, stats
cookietransforms<String>Read-writePerform the specified type of cookie transformation.
Available settings function as follows:
* Encryption - Encrypt cookies.
* Proxying - Mask contents of server cookies by sending proxy cookie to users.
* Cookie flags - Flag cookies as HTTP only to prevent scripts on user's browser from accessing and possibly modifying them.
CAUTION: Make sure that this parameter is set to ON if you are configuring any cookie transformations. If it is set to OFF, no cookie transformations are performed regardless of any other settings.
Default value: OFF
Possible values = ON, OFF
cookieencryption<String>Read-writeType of cookie encryption. Available settings function as follows:
* None - Do not encrypt cookies.
* Decrypt Only - Decrypt encrypted cookies, but do not encrypt cookies.
* Encrypt Session Only - Encrypt session cookies, but not permanent cookies.
* Encrypt All - Encrypt all cookies.
Default value: none
Possible values = none, decryptOnly, encryptSessionOnly, encryptAll
cookieproxying<String>Read-writeCookie proxy setting. Available settings function as follows:
* None - Do not proxy cookies.
* Session Only - Proxy session cookies by using the Citrix ADC session ID, but do not proxy permanent cookies.
Default value: none
Possible values = none, sessionOnly
addcookieflags<String>Read-writeAdd the specified flags to cookies. Available settings function as follows:
* None - Do not add flags to cookies.
* HTTP Only - Add the HTTP Only flag to cookies, which prevents scripts from accessing cookies.
* Secure - Add Secure flag to cookies.
* All - Add both HTTPOnly and Secure flags to cookies.
Default value: none
Possible values = none, httpOnly, secure, all
fieldconsistencyaction<String[]>Read-writeOne or more Form Field Consistency actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -fieldConsistencyaction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -fieldConsistencyAction none".
Default value: none
Possible values = none, block, learn, log, stats
csrftagaction<String[]>Read-writeOne or more Cross-Site Request Forgery (CSRF) Tagging actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -CSRFTagAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -CSRFTagAction none".
Default value: none
Possible values = none, block, learn, log, stats
crosssitescriptingaction<String[]>Read-writeOne or more Cross-Site Scripting (XSS) actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -crossSiteScriptingAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -crossSiteScriptingAction none".
Possible values = none, block, learn, log, stats
crosssitescriptingtransformunsafehtml<String>Read-writeTransform cross-site scripts. This setting configures the application firewall to disable dangerous HTML instead of blocking the request.
CAUTION: Make sure that this parameter is set to ON if you are configuring any cross-site scripting transformations. If it is set to OFF, no cross-site scripting transformations are performed regardless of any other settings.
Default value: OFF
Possible values = ON, OFF
crosssitescriptingcheckcompleteurls<String>Read-writeCheck complete URLs for cross-site scripts, instead of just the query portions of URLs.
Default value: OFF
Possible values = ON, OFF
sqlinjectionaction<String[]>Read-writeOne or more HTML SQL Injection actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -SQLInjectionAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -SQLInjectionAction none".
Possible values = none, block, learn, log, stats
sqlinjectiontransformspecialchars<String>Read-writeTransform injected SQL code. This setting configures the application firewall to disable SQL special strings instead of blocking the request. Since most SQL servers require a special string to activate an SQL keyword, in most cases a request that contains injected SQL code is safe if special strings are disabled.
CAUTION: Make sure that this parameter is set to ON if you are configuring any SQL injection transformations. If it is set to OFF, no SQL injection transformations are performed regardless of any other settings.
Default value: OFF
Possible values = ON, OFF
sqlinjectiononlycheckfieldswithsqlchars<String>Read-writeCheck only form fields that contain SQL special strings (characters) for injected SQL code.
Most SQL servers require a special string to activate an SQL request, so SQL code without a special string is harmless to most SQL servers.
Default value: ON
Possible values = ON, OFF
sqlinjectiontype<String>Read-writeAvailable SQL injection types.
-SQLSplChar : Checks for SQL Special Chars
-SQLKeyword : Checks for SQL Keywords
-SQLSplCharANDKeyword : Checks for both and blocks if both are found
-SQLSplCharORKeyword : Checks for both and blocks if anyone is found.
Default value: SQLSplCharANDKeyword
Possible values = SQLSplChar, SQLKeyword, SQLSplCharORKeyword, SQLSplCharANDKeyword
sqlinjectionchecksqlwildchars<String>Read-writeCheck for form fields that contain SQL wild chars .
Default value: OFF
Possible values = ON, OFF
fieldformataction<String[]>Read-writeOne or more Field Format actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of suggested web form fields and field format assignments.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -fieldFormatAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -fieldFormatAction none".
Possible values = none, block, learn, log, stats
defaultfieldformattype<String>Read-writeDesignate a default field type to be applied to web form fields that do not have a field type explicitly assigned to them.
Minimum length = 1
defaultfieldformatminlength<Double>Read-writeMinimum length, in characters, for data entered into a field that is assigned the default field type.
To disable the minimum and maximum length settings and allow data of any length to be entered into the field, set this parameter to zero (0).
Default value: 0
Minimum value = 0
Maximum value = 2147483647
defaultfieldformatmaxlength<Double>Read-writeMaximum length, in characters, for data entered into a field that is assigned the default field type.
Default value: 65535
Minimum value = 1
Maximum value = 2147483647
bufferoverflowaction<String[]>Read-writeOne or more Buffer Overflow actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -bufferOverflowAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -bufferOverflowAction none".
Possible values = none, block, learn, log, stats
bufferoverflowmaxurllength<Double>Read-writeMaximum length, in characters, for URLs on your protected web sites. Requests with longer URLs are blocked.
Default value: 1024
Minimum value = 0
Maximum value = 65535
bufferoverflowmaxheaderlength<Double>Read-writeMaximum length, in characters, for HTTP headers in requests sent to your protected web sites. Requests with longer headers are blocked.
Default value: 4096
Minimum value = 0
Maximum value = 65535
bufferoverflowmaxcookielength<Double>Read-writeMaximum length, in characters, for cookies sent to your protected web sites. Requests with longer cookies are blocked.
Default value: 4096
Minimum value = 0
Maximum value = 65535
creditcardaction<String[]>Read-writeOne or more Credit Card actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -creditCardAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -creditCardAction none".
Default value: none
Possible values = none, block, learn, log, stats
creditcard<String[]>Read-writeCredit card types that the application firewall should protect.
Default value: none
Possible values = none, visa, mastercard, discover, amex, jcb, dinersclub
creditcardmaxallowed<Double>Read-writeThis parameter value is used by the block action. It represents the maximum number of credit card numbers that can appear on a web page served by your protected web sites. Pages that contain more credit card numbers are blocked.
Minimum value = 0
Maximum value = 255
creditcardxout<String>Read-writeMask any credit card number detected in a response by replacing each digit, except the digits in the final group, with the letter "X.".
Default value: OFF
Possible values = ON, OFF
dosecurecreditcardlogging<String>Read-writeSetting this option logs credit card numbers in the response when the match is found.
Default value: ON
Possible values = ON, OFF
streaming<String>Read-writeSetting this option converts content-length form submission requests (requests with content-type "application/x-www-form-urlencoded" or "multipart/form-data") to chunked requests when atleast one of the following protections : SQL injection protection, XSS protection, form field consistency protection, starturl closure, CSRF tagging is enabled. Please make sure that the backend server accepts chunked requests before enabling this option.
Default value: OFF
Possible values = ON, OFF
trace<String>Read-writeToggle the state of trace.
Default value: OFF
Possible values = ON, OFF
requestcontenttype<String>Read-writeDefault Content-Type header for requests.
A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.
Minimum length = 1
Maximum length = 255
responsecontenttype<String>Read-writeDefault Content-Type header for responses.
A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.
Minimum length = 1
Maximum length = 255
xmldosaction<String[]>Read-writeOne or more XML Denial-of-Service (XDoS) actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLDoSAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLDoSAction none".
Possible values = none, block, learn, log, stats
xmlformataction<String[]>Read-writeOne or more XML Format actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLFormatAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLFormatAction none".
Possible values = none, block, learn, log, stats
xmlsqlinjectionaction<String[]>Read-writeOne or more XML SQL Injection actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLSQLInjectionAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLSQLInjectionAction none".
Possible values = none, block, learn, log, stats
xmlsqlinjectiononlycheckfieldswithsqlchars<String>Read-writeCheck only form fields that contain SQL special characters, which most SQL servers require before accepting an SQL command, for injected SQL.
Default value: ON
Possible values = ON, OFF
xmlsqlinjectiontype<String>Read-writeAvailable SQL injection types.
-SQLSplChar : Checks for SQL Special Chars
-SQLKeyword : Checks for SQL Keywords
-SQLSplCharANDKeyword : Checks for both and blocks if both are found
-SQLSplCharORKeyword : Checks for both and blocks if anyone is found.
Default value: SQLSplCharANDKeyword
Possible values = SQLSplChar, SQLKeyword, SQLSplCharORKeyword, SQLSplCharANDKeyword
xmlsqlinjectionchecksqlwildchars<String>Read-writeCheck for form fields that contain SQL wild chars .
Default value: OFF
Possible values = ON, OFF
xmlsqlinjectionparsecomments<String>Read-writeParse comments in XML Data and exempt those sections of the request that are from the XML SQL Injection check. You must configure the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows:
* Check all - Check all content.
* ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.
* Nested - Exempt content that is part of a nested (Microsoft-style) comment.
* ANSI Nested - Exempt content that is part of any type of comment.
Default value: checkall
Possible values = checkall, ansi, nested, ansinested
xmlxssaction<String[]>Read-writeOne or more XML Cross-Site Scripting actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLXSSAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLXSSAction none".
Possible values = none, block, learn, log, stats
xmlwsiaction<String[]>Read-writeOne or more Web Services Interoperability (WSI) actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLWSIAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLWSIAction none".
Possible values = none, block, learn, log, stats
xmlattachmentaction<String[]>Read-writeOne or more XML Attachment actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Learn - Use the learning engine to generate a list of exceptions to this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLAttachmentAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLAttachmentAction none".
Possible values = none, block, learn, log, stats
xmlvalidationaction<String[]>Read-writeOne or more XML Validation actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLValidationAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLValidationAction none".
Possible values = none, block, learn, log, stats
xmlerrorobject<String>Read-writeName to assign to the XML Error Object, which the application firewall displays when a user request is blocked.
Must begin with a letter, number, or the underscore character \(_\), and must contain only letters, numbers, and the hyphen \(-\), period \(.\) pound \(\#\), space \( \), at (@), equals \(=\), colon \(:\), and underscore characters. Cannot be changed after the XML error object is added.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks \(for example, "my XML error object" or 'my XML error object'\).
Minimum length = 1
customsettings<String>Read-writeObject name for custom settings.
This check is applicable to Profile Type: HTML, XML. .
Minimum length = 1
signatures<String>Read-writeObject name for signatures.
This check is applicable to Profile Type: HTML, XML. .
Minimum length = 1
xmlsoapfaultaction<String[]>Read-writeOne or more XML SOAP Fault Filtering actions. Available settings function as follows:
* Block - Block connections that violate this security check.
* Log - Log violations of this security check.
* Stats - Generate statistics for this security check.
* None - Disable all actions for this security check.
* Remove - Remove all violations for this security check.

CLI users: To enable one or more actions, type "set appfw profile -XMLSOAPFaultAction" followed by the actions to be enabled. To turn off all actions, type "set appfw profile -XMLSOAPFaultAction none".
Possible values = none, block, log, remove, stats
usehtmlerrorobject<String>Read-writeSend an imported HTML Error object to a user when a request is blocked, instead of redirecting the user to the designated Error URL.
Default value: OFF
Possible values = ON, OFF
errorurl<String>Read-writeURL that application firewall uses as the Error URL.
Minimum length = 1
htmlerrorobject<String>Read-writeName to assign to the HTML Error Object.
Must begin with a letter, number, or the underscore character \(_\), and must contain only letters, numbers, and the hyphen \(-\), period \(.\) pound \(\#\), space \( \), at (@), equals \(=\), colon \(:\), and underscore characters. Cannot be changed after the HTML error object is added.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks \(for example, "my HTML error object" or 'my HTML error object'\).
Minimum length = 1
logeverypolicyhit<String>Read-writeLog every profile match, regardless of security checks results.
Default value: OFF
Possible values = ON, OFF
stripcomments<String>Read-writeStrip HTML comments.
This check is applicable to Profile Type: HTML. .
Default value: OFF
Possible values = ON, OFF
striphtmlcomments<String>Read-writeStrip HTML comments before forwarding a web page sent by a protected web site in response to a user request.
Default value: none
Possible values = none, all, exclude_script_tag
stripxmlcomments<String>Read-writeStrip XML comments before forwarding a web page sent by a protected web site in response to a user request.
Default value: none
Possible values = none, all
exemptclosureurlsfromsecuritychecks<String>Read-writeExempt URLs that pass the Start URL closure check from SQL injection, cross-site script, field format and field consistency security checks at locations other than headers.
Default value: ON
Possible values = ON, OFF
defaultcharset<String>Read-writeDefault character set for protected web pages. Web pages sent by your protected web sites in response to user requests are assigned this character set if the page does not already specify a character set. The character sets supported by the application firewall are:
* iso-8859-1 (English US)
* big5 (Chinese Traditional)
* gb2312 (Chinese Simplified)
* sjis (Japanese Shift-JIS)
* euc-jp (Japanese EUC-JP)
* iso-8859-9 (Turkish)
* utf-8 (Unicode)
* euc-kr (Korean).
Minimum length = 1
Maximum length = 31
postbodylimit<Double>Read-writeMaximum allowed HTTP post body size, in bytes.
Default value: 20000000
fileuploadmaxnum<Double>Read-writeMaximum allowed number of file uploads per form-submission request. The maximum setting (65535) allows an unlimited number of uploads.
Default value: 65535
Minimum value = 0
Maximum value = 65535
canonicalizehtmlresponse<String>Read-writePerform HTML entity encoding for any special characters in responses sent by your protected web sites.
Default value: ON
Possible values = ON, OFF
enableformtagging<String>Read-writeEnable tagging of web form fields for use by the Form Field Consistency and CSRF Form Tagging checks.
Default value: ON
Possible values = ON, OFF
sessionlessfieldconsistency<String>Read-writePerform sessionless Field Consistency Checks.
Default value: OFF
Possible values = OFF, ON, postOnly
sessionlessurlclosure<String>Read-writeEnable session less URL Closure Checks.
This check is applicable to Profile Type: HTML. .
Default value: OFF
Possible values = ON, OFF
semicolonfieldseparator<String>Read-writeAllow ';' as a form field separator in URL queries and POST form bodies. .
Default value: OFF
Possible values = ON, OFF
excludefileuploadfromchecks<String>Read-writeExclude uploaded files from Form checks.
Default value: OFF
Possible values = ON, OFF
sqlinjectionparsecomments<String>Read-writeParse HTML comments and exempt them from the HTML SQL Injection check. You must specify the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows:
* Check all - Check all content.
* ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.
* Nested - Exempt content that is part of a nested (Microsoft-style) comment.
* ANSI Nested - Exempt content that is part of any type of comment.
Possible values = checkall, ansi, nested, ansinested
invalidpercenthandling<String>Read-writeConfigure the method that the application firewall uses to handle percent-encoded names and values. Available settings function as follows:
* apache_mode - Apache format.
* asp_mode - Microsoft ASP format.
* secure_mode - Secure format.
Default value: secure_mode
Possible values = apache_mode, asp_mode, secure_mode
type<String[]>Read-writeApplication firewall profile type, which controls which security checks and settings are applied to content that is filtered with the profile. Available settings function as follows:
* HTML - HTML-based web sites.
* XML - XML-based web sites and services.
* HTML XML (Web 2.0) - Sites that contain both HTML and XML content, such as ATOM feeds, blogs, and RSS feeds.
Default value: HTML
Possible values = HTML, XML
checkrequestheaders<String>Read-writeCheck request headers as well as web forms for injected SQL and cross-site scripts.
Default value: OFF
Possible values = ON, OFF
optimizepartialreqs<String>Read-writeOptimize handle of HTTP partial requests i.e. those with range headers.
Available settings are as follows:
* ON - Partial requests by the client result in partial requests to the backend server in most cases.
* OFF - Partial requests by the client are changed to full requests to the backend server.
Default value: ON
Possible values = ON, OFF
urldecoderequestcookies<String>Read-writeURL Decode request cookies before subjecting them to SQL and cross-site scripting checks.
Default value: OFF
Possible values = ON, OFF
comment<String>Read-writeAny comments about the purpose of profile, or other useful information about the profile.
percentdecoderecursively<String>Read-writeConfigure whether the application firewall should use percentage recursive decoding.
Default value: ON
Possible values = ON, OFF
multipleheaderaction<String[]>Read-writeOne or more multiple header actions. Available settings function as follows:
* Block - Block connections that have multiple headers.
* Log - Log connections that have multiple headers.
* KeepLast - Keep only last header when multiple headers are present.

CLI users: To enable one or more actions, type "set appfw profile -multipleHeaderAction" followed by the actions to be enabled.
Possible values = block, keepLast, log, none
rfcprofile<String>Read-writeObject name of the rfc profile.
Minimum length = 1
archivename<String>Read-writeSource for tar archive.
Minimum length = 1
Maximum length = 31
state<String>Read-onlyEnabled.
Possible values = ENABLED, DISABLED
csrftag<String>Read-onlyThe web form originating URL.
builtin<Boolean>Read-onlyIndicates that a profile is a built-in entity.
__count<Double>Read-onlycount parameter

Operations

(click to see Properties)

ADD| DELETE| UPDATE| UNSET| RESTORE| GET (ALL)| GET| COUNT

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Note:

Mandatory parameters are marked in redand placeholder content is marked in <green>.

add

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"appfwprofile":{
<b>"name":<String_value>,
</b>"defaults":<String_value>,
"starturlaction":<String[]_value>,
"contenttypeaction":<String[]_value>,
"inspectcontenttypes":<String[]_value>,
"starturlclosure":<String_value>,
"denyurlaction":<String[]_value>,
"refererheadercheck":<String_value>,
"cookieconsistencyaction":<String[]_value>,
"cookietransforms":<String_value>,
"cookieencryption":<String_value>,
"cookieproxying":<String_value>,
"addcookieflags":<String_value>,
"fieldconsistencyaction":<String[]_value>,
"csrftagaction":<String[]_value>,
"crosssitescriptingaction":<String[]_value>,
"crosssitescriptingtransformunsafehtml":<String_value>,
"crosssitescriptingcheckcompleteurls":<String_value>,
"sqlinjectionaction":<String[]_value>,
"sqlinjectiontransformspecialchars":<String_value>,
"sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"sqlinjectiontype":<String_value>,
"sqlinjectionchecksqlwildchars":<String_value>,
"fieldformataction":<String[]_value>,
"defaultfieldformattype":<String_value>,
"defaultfieldformatminlength":<Double_value>,
"defaultfieldformatmaxlength":<Double_value>,
"bufferoverflowaction":<String[]_value>,
"bufferoverflowmaxurllength":<Double_value>,
"bufferoverflowmaxheaderlength":<Double_value>,
"bufferoverflowmaxcookielength":<Double_value>,
"creditcardaction":<String[]_value>,
"creditcard":<String[]_value>,
"creditcardmaxallowed":<Double_value>,
"creditcardxout":<String_value>,
"dosecurecreditcardlogging":<String_value>,
"streaming":<String_value>,
"trace":<String_value>,
"requestcontenttype":<String_value>,
"responsecontenttype":<String_value>,
"xmldosaction":<String[]_value>,
"xmlformataction":<String[]_value>,
"xmlsqlinjectionaction":<String[]_value>,
"xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"xmlsqlinjectiontype":<String_value>,
"xmlsqlinjectionchecksqlwildchars":<String_value>,
"xmlsqlinjectionparsecomments":<String_value>,
"xmlxssaction":<String[]_value>,
"xmlwsiaction":<String[]_value>,
"xmlattachmentaction":<String[]_value>,
"xmlvalidationaction":<String[]_value>,
"xmlerrorobject":<String_value>,
"customsettings":<String_value>,
"signatures":<String_value>,
"xmlsoapfaultaction":<String[]_value>,
"usehtmlerrorobject":<String_value>,
"errorurl":<String_value>,
"htmlerrorobject":<String_value>,
"logeverypolicyhit":<String_value>,
"stripcomments":<String_value>,
"striphtmlcomments":<String_value>,
"stripxmlcomments":<String_value>,
"exemptclosureurlsfromsecuritychecks":<String_value>,
"defaultcharset":<String_value>,
"postbodylimit":<Double_value>,
"fileuploadmaxnum":<Double_value>,
"canonicalizehtmlresponse":<String_value>,
"enableformtagging":<String_value>,
"sessionlessfieldconsistency":<String_value>,
"sessionlessurlclosure":<String_value>,
"semicolonfieldseparator":<String_value>,
"excludefileuploadfromchecks":<String_value>,
"sqlinjectionparsecomments":<String_value>,
"invalidpercenthandling":<String_value>,
"type":<String[]_value>,
"checkrequestheaders":<String_value>,
"optimizepartialreqs":<String_value>,
"urldecoderequestcookies":<String_value>,
"comment":<String_value>,
"percentdecoderecursively":<String_value>,
"multipleheaderaction":<String[]_value>,
"rfcprofile":<String_value>
}}

Response:

HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

delete

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile/name_value<String>

HTTP Method:DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

update

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"appfwprofile":{
<b>"name":<String_value>,
</b>"starturlaction":<String[]_value>,
"contenttypeaction":<String[]_value>,
"inspectcontenttypes":<String[]_value>,
"starturlclosure":<String_value>,
"denyurlaction":<String[]_value>,
"refererheadercheck":<String_value>,
"cookieconsistencyaction":<String[]_value>,
"cookietransforms":<String_value>,
"cookieencryption":<String_value>,
"cookieproxying":<String_value>,
"addcookieflags":<String_value>,
"fieldconsistencyaction":<String[]_value>,
"csrftagaction":<String[]_value>,
"crosssitescriptingaction":<String[]_value>,
"crosssitescriptingtransformunsafehtml":<String_value>,
"crosssitescriptingcheckcompleteurls":<String_value>,
"sqlinjectionaction":<String[]_value>,
"sqlinjectiontransformspecialchars":<String_value>,
"sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"sqlinjectiontype":<String_value>,
"sqlinjectionchecksqlwildchars":<String_value>,
"fieldformataction":<String[]_value>,
"defaultfieldformattype":<String_value>,
"defaultfieldformatminlength":<Double_value>,
"defaultfieldformatmaxlength":<Double_value>,
"bufferoverflowaction":<String[]_value>,
"bufferoverflowmaxurllength":<Double_value>,
"bufferoverflowmaxheaderlength":<Double_value>,
"bufferoverflowmaxcookielength":<Double_value>,
"creditcardaction":<String[]_value>,
"creditcard":<String[]_value>,
"creditcardmaxallowed":<Double_value>,
"creditcardxout":<String_value>,
"dosecurecreditcardlogging":<String_value>,
"streaming":<String_value>,
"trace":<String_value>,
"requestcontenttype":<String_value>,
"responsecontenttype":<String_value>,
"xmldosaction":<String[]_value>,
"xmlformataction":<String[]_value>,
"xmlsqlinjectionaction":<String[]_value>,
"xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"xmlsqlinjectiontype":<String_value>,
"xmlsqlinjectionchecksqlwildchars":<String_value>,
"xmlsqlinjectionparsecomments":<String_value>,
"xmlxssaction":<String[]_value>,
"xmlwsiaction":<String[]_value>,
"xmlattachmentaction":<String[]_value>,
"xmlvalidationaction":<String[]_value>,
"xmlerrorobject":<String_value>,
"customsettings":<String_value>,
"signatures":<String_value>,
"xmlsoapfaultaction":<String[]_value>,
"usehtmlerrorobject":<String_value>,
"errorurl":<String_value>,
"htmlerrorobject":<String_value>,
"logeverypolicyhit":<String_value>,
"stripcomments":<String_value>,
"striphtmlcomments":<String_value>,
"stripxmlcomments":<String_value>,
"exemptclosureurlsfromsecuritychecks":<String_value>,
"defaultcharset":<String_value>,
"postbodylimit":<Double_value>,
"fileuploadmaxnum":<Double_value>,
"canonicalizehtmlresponse":<String_value>,
"enableformtagging":<String_value>,
"sessionlessfieldconsistency":<String_value>,
"sessionlessurlclosure":<String_value>,
"semicolonfieldseparator":<String_value>,
"excludefileuploadfromchecks":<String_value>,
"sqlinjectionparsecomments":<String_value>,
"invalidpercenthandling":<String_value>,
"type":<String[]_value>,
"checkrequestheaders":<String_value>,
"optimizepartialreqs":<String_value>,
"urldecoderequestcookies":<String_value>,
"comment":<String_value>,
"percentdecoderecursively":<String_value>,
"multipleheaderaction":<String[]_value>,
"rfcprofile":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"appfwprofile":{
<b>"name":<String_value>,
</b>"starturlaction":true,
"contenttypeaction":true,
"inspectcontenttypes":true,
"starturlclosure":true,
"denyurlaction":true,
"refererheadercheck":true,
"cookieconsistencyaction":true,
"cookietransforms":true,
"cookieencryption":true,
"cookieproxying":true,
"addcookieflags":true,
"fieldconsistencyaction":true,
"csrftagaction":true,
"crosssitescriptingaction":true,
"crosssitescriptingtransformunsafehtml":true,
"crosssitescriptingcheckcompleteurls":true,
"sqlinjectionaction":true,
"sqlinjectiontransformspecialchars":true,
"sqlinjectiononlycheckfieldswithsqlchars":true,
"sqlinjectiontype":true,
"sqlinjectionchecksqlwildchars":true,
"fieldformataction":true,
"defaultfieldformattype":true,
"defaultfieldformatminlength":true,
"defaultfieldformatmaxlength":true,
"bufferoverflowaction":true,
"bufferoverflowmaxurllength":true,
"bufferoverflowmaxheaderlength":true,
"bufferoverflowmaxcookielength":true,
"creditcardaction":true,
"creditcard":true,
"creditcardmaxallowed":true,
"creditcardxout":true,
"dosecurecreditcardlogging":true,
"streaming":true,
"trace":true,
"requestcontenttype":true,
"responsecontenttype":true,
"xmldosaction":true,
"xmlformataction":true,
"xmlsqlinjectionaction":true,
"xmlsqlinjectiononlycheckfieldswithsqlchars":true,
"xmlsqlinjectiontype":true,
"xmlsqlinjectionchecksqlwildchars":true,
"xmlsqlinjectionparsecomments":true,
"xmlxssaction":true,
"xmlwsiaction":true,
"xmlattachmentaction":true,
"xmlvalidationaction":true,
"xmlerrorobject":true,
"customsettings":true,
"signatures":true,
"xmlsoapfaultaction":true,
"usehtmlerrorobject":true,
"errorurl":true,
"htmlerrorobject":true,
"logeverypolicyhit":true,
"stripcomments":true,
"striphtmlcomments":true,
"stripxmlcomments":true,
"exemptclosureurlsfromsecuritychecks":true,
"defaultcharset":true,
"postbodylimit":true,
"fileuploadmaxnum":true,
"canonicalizehtmlresponse":true,
"enableformtagging":true,
"sessionlessfieldconsistency":true,
"sessionlessurlclosure":true,
"semicolonfieldseparator":true,
"excludefileuploadfromchecks":true,
"sqlinjectionparsecomments":true,
"invalidpercenthandling":true,
"type":true,
"checkrequestheaders":true,
"optimizepartialreqs":true,
"urldecoderequestcookies":true,
"comment":true,
"percentdecoderecursively":true,
"multipleheaderaction":true,
"rfcprofile":true
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

restore

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?action=restore

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"appfwprofile":{
<b>"archivename":<String_value>
</b>}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile

Query-parameters:

attrs

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of appfwprofile resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

view

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?pagesize=#no;pageno=#no

Use this query-parameter to get the appfwprofile resources in chunks.

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "appfwprofile": [ {
"name":<String_value>,
"type":<String[]_value>,
"state":<String_value>,
"defaults":<String_value>,
"usehtmlerrorobject":<String_value>,
"errorurl":<String_value>,
"htmlerrorobject":<String_value>,
"logeverypolicyhit":<String_value>,
"stripcomments":<String_value>,
"striphtmlcomments":<String_value>,
"stripxmlcomments":<String_value>,
"defaultcharset":<String_value>,
"postbodylimit":<Double_value>,
"fileuploadmaxnum":<Double_value>,
"canonicalizehtmlresponse":<String_value>,
"enableformtagging":<String_value>,
"sessionlessfieldconsistency":<String_value>,
"sessionlessurlclosure":<String_value>,
"semicolonfieldseparator":<String_value>,
"excludefileuploadfromchecks":<String_value>,
"sqlinjectionparsecomments":<String_value>,
"checkrequestheaders":<String_value>,
"optimizepartialreqs":<String_value>,
"urldecoderequestcookies":<String_value>,
"starturlaction":<String[]_value>,
"contenttypeaction":<String[]_value>,
"inspectcontenttypes":<String[]_value>,
"starturlclosure":<String_value>,
"denyurlaction":<String[]_value>,
"refererheadercheck":<String_value>,
"csrftagaction":<String[]_value>,
"csrftag":<String_value>,
"crosssitescriptingaction":<String[]_value>,
"crosssitescriptingtransformunsafehtml":<String_value>,
"crosssitescriptingcheckcompleteurls":<String_value>,
"exemptclosureurlsfromsecuritychecks":<String_value>,
"sqlinjectionaction":<String[]_value>,
"sqlinjectiontransformspecialchars":<String_value>,
"sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"sqlinjectiontype":<String_value>,
"sqlinjectionchecksqlwildchars":<String_value>,
"invalidpercenthandling":<String_value>,
"fieldconsistencyaction":<String[]_value>,
"cookieconsistencyaction":<String[]_value>,
"cookietransforms":<String_value>,
"cookieencryption":<String_value>,
"cookieproxying":<String_value>,
"addcookieflags":<String_value>,
"bufferoverflowaction":<String[]_value>,
"bufferoverflowmaxurllength":<Double_value>,
"bufferoverflowmaxheaderlength":<Double_value>,
"bufferoverflowmaxcookielength":<Double_value>,
"fieldformataction":<String[]_value>,
"defaultfieldformattype":<String_value>,
"defaultfieldformatminlength":<Double_value>,
"defaultfieldformatmaxlength":<Double_value>,
"creditcardaction":<String[]_value>,
"creditcard":<String[]_value>,
"creditcardmaxallowed":<Double_value>,
"creditcardxout":<String_value>,
"dosecurecreditcardlogging":<String_value>,
"streaming":<String_value>,
"trace":<String_value>,
"requestcontenttype":<String_value>,
"responsecontenttype":<String_value>,
"xmlerrorobject":<String_value>,
"signatures":<String_value>,
"xmlformataction":<String[]_value>,
"xmldosaction":<String[]_value>,
"xmlsqlinjectionaction":<String[]_value>,
"xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"xmlsqlinjectiontype":<String_value>,
"xmlsqlinjectionchecksqlwildchars":<String_value>,
"xmlsqlinjectionparsecomments":<String_value>,
"xmlxssaction":<String[]_value>,
"xmlwsiaction":<String[]_value>,
"xmlattachmentaction":<String[]_value>,
"xmlvalidationaction":<String[]_value>,
"xmlsoapfaultaction":<String[]_value>,
"builtin":<Boolean_value>,
"comment":<String_value>,
"percentdecoderecursively":<String_value>,
"multipleheaderaction":<String[]_value>,
"rfcprofile":<String_value>
}]}

get

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile/name_value<String>

Query-parameters:

attrs

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile/name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<netscaler-ip-address>/nitro/v1/config/appfwprofile/name_value<String>?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "appfwprofile": [ {
"name":<String_value>,
"type":<String[]_value>,
"state":<String_value>,
"defaults":<String_value>,
"usehtmlerrorobject":<String_value>,
"errorurl":<String_value>,
"htmlerrorobject":<String_value>,
"logeverypolicyhit":<String_value>,
"stripcomments":<String_value>,
"striphtmlcomments":<String_value>,
"stripxmlcomments":<String_value>,
"defaultcharset":<String_value>,
"postbodylimit":<Double_value>,
"fileuploadmaxnum":<Double_value>,
"canonicalizehtmlresponse":<String_value>,
"enableformtagging":<String_value>,
"sessionlessfieldconsistency":<String_value>,
"sessionlessurlclosure":<String_value>,
"semicolonfieldseparator":<String_value>,
"excludefileuploadfromchecks":<String_value>,
"sqlinjectionparsecomments":<String_value>,
"checkrequestheaders":<String_value>,
"optimizepartialreqs":<String_value>,
"urldecoderequestcookies":<String_value>,
"starturlaction":<String[]_value>,
"contenttypeaction":<String[]_value>,
"inspectcontenttypes":<String[]_value>,
"starturlclosure":<String_value>,
"denyurlaction":<String[]_value>,
"refererheadercheck":<String_value>,
"csrftagaction":<String[]_value>,
"csrftag":<String_value>,
"crosssitescriptingaction":<String[]_value>,
"crosssitescriptingtransformunsafehtml":<String_value>,
"crosssitescriptingcheckcompleteurls":<String_value>,
"exemptclosureurlsfromsecuritychecks":<String_value>,
"sqlinjectionaction":<String[]_value>,
"sqlinjectiontransformspecialchars":<String_value>,
"sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"sqlinjectiontype":<String_value>,
"sqlinjectionchecksqlwildchars":<String_value>,
"invalidpercenthandling":<String_value>,
"fieldconsistencyaction":<String[]_value>,
"cookieconsistencyaction":<String[]_value>,
"cookietransforms":<String_value>,
"cookieencryption":<String_value>,
"cookieproxying":<String_value>,
"addcookieflags":<String_value>,
"bufferoverflowaction":<String[]_value>,
"bufferoverflowmaxurllength":<Double_value>,
"bufferoverflowmaxheaderlength":<Double_value>,
"bufferoverflowmaxcookielength":<Double_value>,
"fieldformataction":<String[]_value>,
"defaultfieldformattype":<String_value>,
"defaultfieldformatminlength":<Double_value>,
"defaultfieldformatmaxlength":<Double_value>,
"creditcardaction":<String[]_value>,
"creditcard":<String[]_value>,
"creditcardmaxallowed":<Double_value>,
"creditcardxout":<String_value>,
"dosecurecreditcardlogging":<String_value>,
"streaming":<String_value>,
"trace":<String_value>,
"requestcontenttype":<String_value>,
"responsecontenttype":<String_value>,
"xmlerrorobject":<String_value>,
"signatures":<String_value>,
"xmlformataction":<String[]_value>,
"xmldosaction":<String[]_value>,
"xmlsqlinjectionaction":<String[]_value>,
"xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
"xmlsqlinjectiontype":<String_value>,
"xmlsqlinjectionchecksqlwildchars":<String_value>,
"xmlsqlinjectionparsecomments":<String_value>,
"xmlxssaction":<String[]_value>,
"xmlwsiaction":<String[]_value>,
"xmlattachmentaction":<String[]_value>,
"xmlvalidationaction":<String[]_value>,
"xmlsoapfaultaction":<String[]_value>,
"builtin":<Boolean_value>,
"comment":<String_value>,
"percentdecoderecursively":<String_value>,
"multipleheaderaction":<String[]_value>,
"rfcprofile":<String_value>
}]}

count

URL:http://<netscaler-ip-address>/nitro/v1/config/appfwprofile?count=yes

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "appfwprofile": [ { "__count": "#no"} ] }