Citrix Systems 9.2 Benutzerhandbuch

PPENDIX

Tutorial Examples of Classic Policies

Following are useful examples of classic policy configuration for certain
NetScaler features such as Access Gateway, Application Firewall, and SSL.

In This Appendix

Access Gateway Policy to Check for a Valid Client Certificate

Application Firewall Policy to Protect a Shopping Cart Application

Application Firewall Policy to Protect Scripted Web Pages

DNS Policy to Drop Packets from Specific IPs

SSL Policy to Require Valid Client Certificates

Access Gateway Policy to Check for a Valid Client

Certificate

The following policies enable the NetScaler to ensure that a client presents a valid
certificate before establishing a connection to a company’s SSL VPN.

To check for a valid client certificate by using the NetScaler command line

At a NetScaler command prompt, create an Access Gateway profile named
act_current_client_cert

that requires that users have a current

client certificate to establish an SSL connection with the Access Gateway
or NetScaler.

add ssl action act_current_client_cert-clientAuth DOCLIENTAUTH

-clientCert ENABLED -certHeader

"header_of_client_certificate_issued_by_your_company"

-clientCertNotBefore ENABLED -certNotBeforeHeader "Mon, 01 Jan

2007 00:00:00 GMT"

To create an SSL policy named client_cert_policy that detects
connections to the Web server that contain a query string, type: