The following blog article is a result of experience gained in the field. Article CTX138858 covers the signature auto-update feature of Application Firewall. This process is seamless and straightforward when the NetScalers have access to the Internet, but can be problematic when they have no Internet access. The article describes how to download the required files manually and arrange them in the layout that the NetScaler expects. This blog article has a script that I wrote to automate this process.
The same URL can then be configured on the NetScaler in the auto-update settings for the Application Firewall signatures. The PowerShell script can then be used in conjunction with the Scheduled Tasks feature of the Windows operating system and configured to run as often as desired.
The following is the script in its entirety:
    $AppFirewallSignaturesURL = "https://s3.amazonaws.com/NSAppFwSignatures/SignaturesMapping.xml"
    $SignatureFileLocation = "C:\Signatures\SignaturesMapping.xml"
    $SignatureURLRoot = "https://s3.amazonaws.com/NSAppFwSignatures/"
    $DownloadLocation = "C:\Signatures\"

    # Download the mapping file. DownloadFile blocks until the transfer is complete,
    # so no fixed sleep is needed and the script cannot exit with a transfer in flight
    # (which matters when it runs as a scheduled task).
    $WebClient = New-Object System.Net.WebClient
    $WebClient.DownloadFile($AppFirewallSignaturesURL, $SignatureFileLocation)

    $GetMainSignatureXMLFile = Get-Content $SignatureFileLocation
    foreach ($line in $GetMainSignatureXMLFile) {
        # NOTE: the XML tag names inside the empty quoted strings below are missing
        # from this page; fill them in from SignaturesMapping.xml before running.

        # Lines that reference a signature file
        if ($line -match "") {
            $BeginTag = $line.Replace("", "")
            $EndTag = $BeginTag.Replace("", "")
            $XMLFileName = $EndTag.Replace("sigs/", "")
            $WebClient.DownloadFile($SignatureURLRoot + $EndTag.Trim(), $DownloadLocation + $XMLFileName.Trim())
        }

        # Lines that reference the matching SHA file
        if ($line -match "") {
            $BeginTagSha = $line.Replace("", "")
            $EndTagSha = $BeginTagSha.Replace("", "")
            $ShaFileName = $EndTagSha.Replace("sigs/", "")
            $WebClient.DownloadFile($SignatureURLRoot + $EndTagSha.Trim(), $DownloadLocation + $ShaFileName.Trim())
        }
    }
The second part of this process is to set up a web server in a network segment that the NetScaler has access to. The NetScaler will then be able to obtain the signatures from this web server. First, on the same machine that holds the signatures, open IIS Manager. Right-click "Default Web Site" and select "Add Virtual Directory".
Then browse to the directory where the signatures mapping file is, and specify an "alias" name. In this example, I gave it the same name as the directory that contains the signatures:
Once the virtual directory is created, right-click the virtual directory that was just created and choose "Convert to Application":
As can be seen below, the icon changes to reflect the change:
The "sigs" subdirectory that is required is also there as a virtual directory:
At this point, you can navigate to the site by the FQDN or IP address of the web server, with the same URL for the used
Configure this same URL on the NetScaler in the auto-update settings, so that it is used for the Application Firewall signatures instead of accessing the Amazon web site. The PowerShell script can then be used in conjunction with the Scheduled Tasks feature of the Windows operating system and configured to run as often as desired.
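Because whatever lands in the IIS directory is served straight to the NetScaler, one option is to point the download script at a staging directory and publish only after validation. The following PowerShell is an added example, not part of the original script; the staging path, the "<signature file>.sha1" naming, and a digest file that contains a 40-character hex SHA-1 are all assumptions.

```powershell
# Added example: validate a staged download before publishing it to the IIS directory.
# Assumptions (not from the original article): the download script writes to $Staging,
# each checksum file is named "<signature file>.sha1", and it contains a 40-character
# hex SHA-1 digest.
$Staging   = 'C:\SignaturesStaging'   # hypothetical staging directory
$Published = 'C:\Signatures'          # directory served by the IIS virtual directory

function Test-StagedSignature {
    param([Parameter(Mandatory)][string]$Path)

    # A truncated download is either empty or not well-formed XML.
    if ((Get-Item -LiteralPath $Path).Length -eq 0) { return $false }
    try   { $null = [xml](Get-Content -LiteralPath $Path -Raw) }
    catch { return $false }

    # Compare against the companion digest when one was downloaded.
    $shaFile = "$Path.sha1"
    if (Test-Path -LiteralPath $shaFile) {
        $text = Get-Content -LiteralPath $shaFile -Raw
        if ($text -match '\b[0-9a-fA-F]{40}\b') {
            $expected = $Matches[0]
            $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
            if ($actual -ne $expected) { return $false }   # -ne ignores case
        } else {
            return $false   # digest file present but unreadable
        }
    }
    return $true
}

function Publish-StagedSignatures {
    $files = @(Get-ChildItem -LiteralPath $Staging -Filter '*.xml' -File)
    if ($files.Count -eq 0) { throw "No signature files found in $Staging" }

    $bad = @($files | Where-Object { -not (Test-StagedSignature -Path $_.FullName) })
    if ($bad.Count -gt 0) {
        # Leave the published directory untouched so the previous set keeps being served.
        throw "Not publishing; failed validation: $($bad.Name -join ', ')"
    }
    Copy-Item -Path (Join-Path $Staging '*') -Destination $Published -Force
}

Publish-StagedSignatures
```

A scheduled task that runs the download script followed by this check fails with a non-zero result when validation does not pass, which can be alerted on from the Task Scheduler history.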