ADC NITRO APIs

appfwprofile

Configuration for application firewall profile resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
name Read-write Name for the profile. Must begin with a letter, number, or the underscore character (), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore () characters. Cannot be changed after the profile is added. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my profile” or ‘my profile’). Minimum length = 1
defaults Read-write Default configuration to apply to the profile. Basic defaults are intended for standard content that requires little further configuration, such as static web site content. Advanced defaults are intended for specialized content that requires significant specialized configuration, such as heavily scripted or dynamic content.



CLI users: When adding an application firewall profile, you can set either the defaults or the type, but not both. To set both options, create the profile by using the add appfw profile command, and then use the set appfw profile command to configure the other option.

Possible values = basic, advanced, core, cve
starturlaction <String[]> Read-write One or more Start URL actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -startURLaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -startURLaction none”. Possible values = none, block, learn, log, stats
  • infercontenttypexmlpayloadaction <String[]> Read-write One or more infer content type payload actions. Available settings function as follows
  • Block - Block connections that have mismatch in content-type header and payload.
  • Log - Log connections that have mismatch in content-type header and payload. The mismatched content-type in HTTP request header will be logged for the request.
  • Stats - Generate statistics when there is mismatch in content-type header and payload.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -inferContentTypeXMLPayloadAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -inferContentTypeXMLPayloadAction none”. Please note “none” action cannot be used with any other action type. Possible values = block, log, stats, none
  • contenttypeaction <String[]> Read-write One or more Content-type actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -contentTypeaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -contentTypeaction none”. Possible values = none, block, learn, log, stats
  • inspectcontenttypes <String[]> Read-write One or more InspectContentType lists.

    * application/x-www-form-urlencoded

    * multipart/form-data

    * text/x-gwt-rpc



    CLI users: To enable, type “set appfw profile -InspectContentTypes” followed by the content types to be inspected.

    Possible values = none, application/x-www-form-urlencoded, multipart/form-data, text/x-gwt-rpc, application/grpc, application/grpc-web+json, application/grpc-web-text
    starturlclosure Read-write Toggle the state of Start URL Closure.

    Default value: OFF

    Possible values = ON, OFF
    denyurlaction <String[]> Read-write One or more Deny URL actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. NOTE: The Deny URL check takes precedence over the Start URL check. If you enable blocking for the Deny URL check, the application firewall blocks any URL that is explicitly blocked by a Deny URL, even if the same URL would otherwise be allowed by the Start URL check. CLI users: To enable one or more actions, type “set appfw profile -denyURLaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -denyURLaction none”. Possible values = none, block, log, stats
  • refererheadercheck Read-write Enable validation of Referer headers.

    Referer validation ensures that a web form that a user sends to your web site originally came from your web site, not an outside attacker.

    Although this parameter is part of the Start URL check, referer validation protects against cross-site request forgery (CSRF) attacks, not Start URL attacks.

    Default value: OFF

    Possible values = OFF, if_present, AlwaysExceptStartURLs, AlwaysExceptFirstRequest
    cookieconsistencyaction <String[]> Read-write One or more Cookie Consistency actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -cookieConsistencyAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cookieConsistencyAction none”. Default value: none Possible values = none, block, learn, log, stats
  • cookiehijackingaction <String[]> Read-write One or more actions to prevent cookie hijacking. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. NOTE: Cookie Hijacking feature is not supported for TLSv1.3 CLI users: To enable one or more actions, type “set appfw profile -cookieHijackingAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cookieHijackingAction none”. Default value: none Possible values = none, block, log, stats
  • cookietransforms Read-write Perform the specified type of cookie transformation. Available settings function as follows
  • Encryption - Encrypt cookies.
  • Proxying - Mask contents of server cookies by sending proxy cookie to users.
  • Cookie flags - Flag cookies as HTTP only to prevent scripts on user’s browser from accessing and possibly modifying them. CAUTION: Make sure that this parameter is set to ON if you are configuring any cookie transformations. If it is set to OFF, no cookie transformations are performed regardless of any other settings. Default value: OFF Possible values = ON, OFF
  • cookieencryption Read-write Type of cookie encryption. Available settings function as follows
  • None - Do not encrypt cookies.
  • Decrypt Only - Decrypt encrypted cookies, but do not encrypt cookies.
  • Encrypt Session Only - Encrypt session cookies, but not permanent cookies.
  • Encrypt All - Encrypt all cookies. Default value: none Possible values = none, decryptOnly, encryptSessionOnly, encryptAll
  • cookieproxying Read-write Cookie proxy setting. Available settings function as follows
  • None - Do not proxy cookies.
  • Session Only - Proxy session cookies by using the Citrix ADC session ID, but do not proxy permanent cookies. Default value: none Possible values = none, sessionOnly
  • addcookieflags Read-write Add the specified flags to cookies. Available settings function as follows
  • None - Do not add flags to cookies.
  • HTTP Only - Add the HTTP Only flag to cookies, which prevents scripts from accessing cookies.
  • Secure - Add Secure flag to cookies.
  • All - Add both HTTPOnly and Secure flags to cookies. Default value: none Possible values = none, httpOnly, secure, all
  • fieldconsistencyaction <String[]> Read-write One or more Form Field Consistency actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -fieldConsistencyaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fieldConsistencyAction none”. Default value: none Possible values = none, block, learn, log, stats
  • csrftagaction <String[]> Read-write One or more Cross-Site Request Forgery (CSRF) Tagging actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -CSRFTagAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -CSRFTagAction none”. Default value: none Possible values = none, block, learn, log, stats
  • crosssitescriptingaction <String[]> Read-write One or more Cross-Site Scripting (XSS) actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -crossSiteScriptingAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -crossSiteScriptingAction none”. Possible values = none, block, learn, log, stats
  • crosssitescriptingtransformunsafehtml Read-write Transform cross-site scripts. This setting configures the application firewall to disable dangerous HTML instead of blocking the request.

    CAUTION: Make sure that this parameter is set to ON if you are configuring any cross-site scripting transformations. If it is set to OFF, no cross-site scripting transformations are performed regardless of any other settings.

    Default value: OFF

    Possible values = ON, OFF
    crosssitescriptingcheckcompleteurls Read-write Check complete URLs for cross-site scripts, instead of just the query portions of URLs.

    Default value: OFF

    Possible values = ON, OFF
    sqlinjectionaction <String[]> Read-write One or more HTML SQL Injection actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -SQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -SQLInjectionAction none”. Possible values = none, block, learn, log, stats
  • cmdinjectionaction <String[]> Read-write Command injection action. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -cmdInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cmdInjectionAction none”. Default value: none Possible values = none, block, log, stats
  • cmdinjectiontype Read-write Available CMD injection types.

    -CMDSplChar : Checks for CMD Special Chars

    -CMDKeyword : Checks for CMD Keywords

    -CMDSplCharANDKeyword : Checks for both and blocks if both are found

    -CMDSplCharORKeyword : Checks for both and blocks if anyone is found,

    -None : Disables checking using both CMD Special Char and Keyword.

    Default value: CMDSplCharANDKeyword

    Possible values = CMDSplChar, CMDKeyword, CMDSplCharORKeyword, CMDSplCharANDKeyword, None
    sqlinjectiongrammar Read-write Check for SQL injection using SQL grammar.

    Default value: OFF

    Possible values = ON, OFF
    cmdinjectiongrammar Read-write Check for CMD injection using CMD grammar.

    Default value: OFF

    Possible values = ON, OFF
    fieldscan Read-write Check if formfield limit scan is ON or OFF.

    Default value: OFF

    Possible values = ON, OFF
    fieldscanlimit Read-write Field scan limit value for HTML.

    Default value: 2048

    Minimum value = 0

    Maximum value = 16384
    jsonfieldscan Read-write Check if JSON field limit scan is ON or OFF.

    Default value: OFF

    Possible values = ON, OFF
    jsonfieldscanlimit Read-write Field scan limit value for JSON.

    Default value: 2048

    Minimum value = 0

    Maximum value = 16384
    messagescan Read-write Check if HTML message limit scan is ON or OFF.

    Default value: OFF

    Possible values = ON, OFF
    messagescanlimit Read-write Message scan limit value for HTML.

    Default value: 1000000

    Minimum value = 0

    Maximum value = 8000000
    jsonmessagescan Read-write Check if JSON message limit scan is ON or OFF.

    Default value: OFF

    Possible values = ON, OFF
    jsonmessagescanlimit Read-write Message scan limit value for JSON.

    Default value: 1000000

    Minimum value = 0

    Maximum value = 8000000
    messagescanlimitcontenttypes <String[]> Read-write Enable Message Scan Limit for following content types.

    Default value: NONE

    Possible values = FORM-DATA, JSON, NONE
    sqlinjectiontransformspecialchars Read-write Transform injected SQL code. This setting configures the application firewall to disable SQL special strings instead of blocking the request. Since most SQL servers require a special string to activate an SQL keyword, in most cases a request that contains injected SQL code is safe if special strings are disabled.

    CAUTION: Make sure that this parameter is set to ON if you are configuring any SQL injection transformations. If it is set to OFF, no SQL injection transformations are performed regardless of any other settings.

    Default value: OFF

    Possible values = ON, OFF
    sqlinjectiononlycheckfieldswithsqlchars Read-write Check only form fields that contain SQL special strings (characters) for injected SQL code.

    Most SQL servers require a special string to activate an SQL request, so SQL code without a special string is harmless to most SQL servers.

    Default value: ON

    Possible values = ON, OFF
    sqlinjectiontype Read-write Available SQL injection types.

    -SQLSplChar : Checks for SQL Special Chars

    -SQLKeyword : Checks for SQL Keywords

    -SQLSplCharANDKeyword : Checks for both and blocks if both are found

    -SQLSplCharORKeyword : Checks for both and blocks if anyone is found

    -None : Disables checking using both SQL Special Char and Keyword.

    Default value: SQLSplCharANDKeyword

    Possible values = SQLSplChar, SQLKeyword, SQLSplCharORKeyword, SQLSplCharANDKeyword, None
    sqlinjectionchecksqlwildchars Read-write Check for form fields that contain SQL wild chars .

    Default value: OFF

    Possible values = ON, OFF
    fieldformataction <String[]> Read-write One or more Field Format actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of suggested web form fields and field format assignments.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -fieldFormatAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fieldFormatAction none”. Possible values = none, block, learn, log, stats
  • defaultfieldformattype Read-write Designate a default field type to be applied to web form fields that do not have a field type explicitly assigned to them.

    Minimum length = 1
    defaultfieldformatminlength Read-write Minimum length, in characters, for data entered into a field that is assigned the default field type.

    To disable the minimum and maximum length settings and allow data of any length to be entered into the field, set this parameter to zero (0).

    Default value: 0

    Minimum value = 0

    Maximum value = 2147483647
    defaultfieldformatmaxlength Read-write Maximum length, in characters, for data entered into a field that is assigned the default field type.

    Default value: 65535

    Minimum value = 1

    Maximum value = 2147483647
    bufferoverflowaction <String[]> Read-write One or more Buffer Overflow actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -bufferOverflowAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -bufferOverflowAction none”. Possible values = none, block, log, stats
  • grpcaction <String[]> Read-write gRPC validation.

    Possible values = none, block, log, stats
    restaction <String[]> Read-write rest validation.

    Possible values = none, block, log, stats
    bufferoverflowmaxurllength Read-write Maximum length, in characters, for URLs on your protected web sites. Requests with longer URLs are blocked.

    Default value: 1024

    Minimum value = 0

    Maximum value = 65535
    bufferoverflowmaxheaderlength Read-write Maximum length, in characters, for HTTP headers in requests sent to your protected web sites. Requests with longer headers are blocked.

    Default value: 4096

    Minimum value = 0

    Maximum value = 65535
    bufferoverflowmaxcookielength Read-write Maximum length, in characters, for cookies sent to your protected web sites. Requests with longer cookies are blocked.

    Default value: 4096

    Minimum value = 0

    Maximum value = 65535
    bufferoverflowmaxquerylength Read-write Maximum length, in bytes, for query string sent to your protected web sites. Requests with longer query strings are blocked.

    Default value: 65535

    Minimum value = 0

    Maximum value = 65535
    bufferoverflowmaxtotalheaderlength Read-write Maximum length, in bytes, for the total HTTP header length in requests sent to your protected web sites. The minimum value of this and maxHeaderLen in httpProfile will be used. Requests with longer length are blocked.

    Default value: 65535

    Minimum value = 0

    Maximum value = 65535
    creditcardaction <String[]> Read-write One or more Credit Card actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -creditCardAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -creditCardAction none”. Default value: none Possible values = none, block, learn, log, stats
  • creditcard <String[]> Read-write Credit card types that the application firewall should protect.

    Default value: none

    Possible values = none, visa, mastercard, discover, amex, jcb, dinersclub
    creditcardmaxallowed Read-write This parameter value is used by the block action. It represents the maximum number of credit card numbers that can appear on a web page served by your protected web sites. Pages that contain more credit card numbers are blocked.

    Minimum value = 0

    Maximum value = 255
    creditcardxout Read-write Mask any credit card number detected in a response by replacing each digit, except the digits in the final group, with the letter “X.”.

    Default value: OFF

    Possible values = ON, OFF
    dosecurecreditcardlogging Read-write Setting this option logs credit card numbers in the response when the match is found.

    Default value: ON

    Possible values = ON, OFF
    streaming Read-write Setting this option converts content-length form submission requests (requests with content-type “application/x-www-form-urlencoded” or “multipart/form-data”) to chunked requests when atleast one of the following protections : Signatures, SQL injection protection, XSS protection, form field consistency protection, starturl closure, CSRF tagging, JSON SQL, JSON XSS, JSON DOS is enabled. Please make sure that the backend server accepts chunked requests before enabling this option. Citrix recommends enabling this option for large request sizes(>20MB).

    Default value: OFF

    Possible values = ON, OFF
    trace Read-write Toggle the state of trace.

    Default value: OFF

    Possible values = ON, OFF
    requestcontenttype Read-write Default Content-Type header for requests.

    A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.

    Minimum length = 1

    Maximum length = 255
    responsecontenttype Read-write Default Content-Type header for responses.

    A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.

    Minimum length = 1

    Maximum length = 255
    jsonerrorobject Read-write Name to the imported JSON Error Object to be set on application firewall profile. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my JSON error object” or ‘my JSON error object’). Minimum length = 1
    apispec Read-write Name of the API Specification.

    Minimum length = 1
    protofileobject Read-write Name of the imported proto file.

    Minimum length = 1
    jsonerrorstatuscode Read-write Response status code associated with JSON error page. Non-empty JSON error object must be imported to the application firewall profile for the status code.

    Default value: 200

    Minimum value = 1

    Maximum value = 999
    jsonerrorstatusmessage Read-write Response status message associated with JSON error page.
    jsondosaction <String[]> Read-write One or more JSON Denial-of-Service (JsonDoS) actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -JSONDoSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONDoSAction none”. Possible values = none, block, log, stats
  • jsonsqlinjectionaction <String[]> Read-write One or more JSON SQL Injection actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -JSONSQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONSQLInjectionAction none”. Possible values = none, block, log, stats
  • jsonsqlinjectiontype Read-write Available SQL injection types.

    -SQLSplChar : Checks for SQL Special Chars

    -SQLKeyword : Checks for SQL Keywords

    -SQLSplCharANDKeyword : Checks for both and blocks if both are found

    -SQLSplCharORKeyword : Checks for both and blocks if anyone is found,

    -None : Disables checking using both SQL Special Char and Keyword.

    Default value: SQLSplCharANDKeyword

    Possible values = SQLSplChar, SQLKeyword, SQLSplCharORKeyword, SQLSplCharANDKeyword, None
    jsonsqlinjectiongrammar Read-write Check for SQL injection using SQL grammar in JSON.

    Default value: OFF

    Possible values = ON, OFF
    jsoncmdinjectionaction <String[]> Read-write One or more JSON CMD Injection actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -JSONCMDInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONCMDInjectionAction none”. Possible values = none, block, log, stats
  • jsoncmdinjectiontype Read-write Available CMD injection types.

    -CMDSplChar : Checks for CMD Special Chars

    -CMDKeyword : Checks for CMD Keywords

    -CMDSplCharANDKeyword : Checks for both and blocks if both are found

    -CMDSplCharORKeyword : Checks for both and blocks if anyone is found,

    -None : Disables checking using both SQL Special Char and Keyword.

    Default value: CMDSplCharANDKeyword

    Possible values = CMDSplChar, CMDKeyword, CMDSplCharORKeyword, CMDSplCharANDKeyword, None
    jsoncmdinjectiongrammar Read-write Check for CMD injection using CMD grammar in JSON.

    Default value: OFF

    Possible values = ON, OFF
    jsonxssaction <String[]> Read-write One or more JSON Cross-Site Scripting actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -JSONXssAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONXssAction none”. Possible values = none, block, log, stats
  • xmldosaction <String[]> Read-write One or more XML Denial-of-Service (XDoS) actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLDoSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLDoSAction none”. Possible values = none, block, learn, log, stats
  • xmlformataction <String[]> Read-write One or more XML Format actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLFormatAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLFormatAction none”. Possible values = none, block, log, stats
  • xmlsqlinjectionaction <String[]> Read-write One or more XML SQL Injection actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLSQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLSQLInjectionAction none”. Possible values = none, block, log, stats
  • xmlsqlinjectiononlycheckfieldswithsqlchars Read-write Check only form fields that contain SQL special characters, which most SQL servers require before accepting an SQL command, for injected SQL.

    Default value: ON

    Possible values = ON, OFF
    xmlsqlinjectiontype Read-write Available SQL injection types.

    -SQLSplChar : Checks for SQL Special Chars

    -SQLKeyword : Checks for SQL Keywords

    -SQLSplCharANDKeyword : Checks for both and blocks if both are found

    -SQLSplCharORKeyword : Checks for both and blocks if anyone is found.

    Default value: SQLSplCharANDKeyword

    Possible values = SQLSplChar, SQLKeyword, SQLSplCharORKeyword, SQLSplCharANDKeyword, None
    xmlsqlinjectionchecksqlwildchars Read-write Check for form fields that contain SQL wild chars .

    Default value: OFF

    Possible values = ON, OFF
    xmlsqlinjectionparsecomments Read-write Parse comments in XML Data and exempt those sections of the request that are from the XML SQL Injection check. You must configure the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows
  • Check all - Check all content.
  • ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.
  • Nested - Exempt content that is part of a nested (Microsoft-style) comment.
  • ANSI Nested - Exempt content that is part of any type of comment. Default value: checkall Possible values = checkall, ansi, nested, ansinested
  • xmlxssaction <String[]> Read-write One or more XML Cross-Site Scripting actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLXSSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLXSSAction none”. Possible values = none, block, learn, log, stats
  • xmlwsiaction <String[]> Read-write One or more Web Services Interoperability (WSI) actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLWSIAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLWSIAction none”. Possible values = none, block, learn, log, stats
  • xmlattachmentaction <String[]> Read-write One or more XML Attachment actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Learn - Use the learning engine to generate a list of exceptions to this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLAttachmentAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLAttachmentAction none”. Possible values = none, block, learn, log, stats
  • xmlvalidationaction <String[]> Read-write One or more XML Validation actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLValidationAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLValidationAction none”. Possible values = none, block, log, stats
  • xmlerrorobject Read-write Name to assign to the XML Error Object, which the application firewall displays when a user request is blocked. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the XML error object is added. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my XML error object” or ‘my XML error object’). Minimum length = 1
    xmlerrorstatuscode Read-write Response status code associated with XML error page. Non-empty XML error object must be imported to the application firewall profile for the status code.

    Default value: 200

    Minimum value = 1

    Maximum value = 999
    xmlerrorstatusmessage Read-write Response status message associated with XML error page.
    customsettings Read-write Object name for custom settings.

    This check is applicable to Profile Type: HTML, XML. .

    Minimum length = 1
    signatures Read-write Object name for signatures.

    This check is applicable to Profile Type: HTML, XML. .

    Minimum length = 1
    xmlsoapfaultaction <String[]> Read-write One or more XML SOAP Fault Filtering actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check.
  • Remove - Remove all violations for this security check. CLI users: To enable one or more actions, type “set appfw profile -XMLSOAPFaultAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLSOAPFaultAction none”. Possible values = none, block, log, remove, stats
  • usehtmlerrorobject Read-write Send an imported HTML Error object to a user when a request is blocked, instead of redirecting the user to the designated Error URL.

    Default value: OFF

    Possible values = ON, OFF
    errorurl Read-write URL that application firewall uses as the Error URL.

    Minimum length = 1
    htmlerrorobject Read-write Name to assign to the HTML Error Object. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the HTML error object is added. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my HTML error object” or ‘my HTML error object’). Minimum length = 1
    htmlerrorstatuscode Read-write Response status code associated with HTML error page. Non-empty HTML error object must be imported to the application firewall profile for the status code.

    Default value: 200

    Minimum value = 1

    Maximum value = 999
    htmlerrorstatusmessage Read-write Response status message associated with HTML error page.
    logeverypolicyhit Read-write Log every profile match, regardless of security checks results.

    Default value: OFF

    Possible values = ON, OFF
    stripcomments Read-write Strip HTML comments.

    This check is applicable to Profile Type: HTML. .

    Default value: OFF

    Possible values = ON, OFF
    striphtmlcomments Read-write Strip HTML comments before forwarding a web page sent by a protected web site in response to a user request.

    Default value: none

    Possible values = none, all, exclude_script_tag
    stripxmlcomments Read-write Strip XML comments before forwarding a web page sent by a protected web site in response to a user request.

    Default value: none

    Possible values = none, all
    exemptclosureurlsfromsecuritychecks Read-write Exempt URLs that pass the Start URL closure check from SQL injection, cross-site script, field format and field consistency security checks at locations other than headers.

    Default value: ON

    Possible values = ON, OFF
    defaultcharset Read-write Default character set for protected web pages. Web pages sent by your protected web sites in response to user requests are assigned this character set if the page does not already specify a character set. The character sets supported by the application firewall are
  • iso-8859-1 (English US)
  • big5 (Chinese Traditional)
  • gb2312 (Chinese Simplified)
  • sjis (Japanese Shift-JIS)
  • euc-jp (Japanese EUC-JP)
  • iso-8859-9 (Turkish)
  • utf-8 (Unicode)
  • euc-kr (Korean). Minimum length = 1 Maximum length = 31
  • clientipexpression Read-write Expression to get the client IP.
    dynamiclearning <String[]> Read-write One or more security checks. Available options are as follows
  • SQLInjection - Enable dynamic learning for SQLInjection security check.
  • CrossSiteScripting - Enable dynamic learning for CrossSiteScripting security check.
  • fieldFormat - Enable dynamic learning for fieldFormat security check.
  • None - Disable security checks for all security checks. CLI users: To enable dynamic learning on one or more security checks, type “set appfw profile -dynamicLearning” followed by the security checks to be enabled. To turn off dynamic learning on all security checks, type “set appfw profile -dynamicLearning none”. Possible values = none, SQLInjection, CrossSiteScripting, fieldFormat, startURL, cookieConsistency, fieldConsistency, CSRFtag, ContentType
  • postbodylimit Read-write Maximum allowed HTTP post body size, in bytes. Maximum supported value is 10GB. Citrix recommends enabling streaming option for large values of post body limit (>20MB).

    Default value: 20000000
    postbodylimitaction <String[]> Read-write One or more Post Body Limit actions. Available settings function as follows
  • Block - Block connections that violate this security check. Must always be set.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check. CLI users: To enable one or more actions, type “set appfw profile -PostBodyLimitAction block” followed by the other actions to be enabled. Possible values = block, log, stats
  • postbodylimitsignature Read-write Maximum allowed HTTP post body size for signature inspection for location HTTP_POST_BODY in the signatures, in bytes. Note that the changes in value could impact CPU and latency profile.

    Default value: 2048
    fileuploadmaxnum Read-write Maximum allowed number of file uploads per form-submission request. The maximum setting (65535) allows an unlimited number of uploads.

    Default value: 65535

    Minimum value = 0

    Maximum value = 65535
    canonicalizehtmlresponse Read-write Perform HTML entity encoding for any special characters in responses sent by your protected web sites.

    Default value: ON

    Possible values = ON, OFF
    enableformtagging Read-write Enable tagging of web form fields for use by the Form Field Consistency and CSRF Form Tagging checks.

    Default value: ON

    Possible values = ON, OFF
    sessionlessfieldconsistency Read-write Perform sessionless Field Consistency Checks.

    Default value: OFF

    Possible values = OFF, ON, postOnly
    sessionlessurlclosure Read-write Enable session less URL Closure Checks.

    This check is applicable to Profile Type: HTML. .

    Default value: OFF

    Possible values = ON, OFF
    semicolonfieldseparator Read-write Allow ‘;’ as a form field separator in URL queries and POST form bodies. .

    Default value: OFF

    Possible values = ON, OFF
    excludefileuploadfromchecks Read-write Exclude uploaded files from Form checks.

    Default value: OFF

    Possible values = ON, OFF
    sqlinjectionparsecomments Read-write Parse HTML comments and exempt them from the HTML SQL Injection check. You must specify the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows
  • Check all - Check all content.
  • ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.
  • Nested - Exempt content that is part of a nested (Microsoft-style) comment.
  • ANSI Nested - Exempt content that is part of any type of comment. Possible values = checkall, ansi, nested, ansinested
  • invalidpercenthandling Read-write Configure the method that the application firewall uses to handle percent-encoded names and values. Available settings function as follows
  • asp_mode - Microsoft ASP format.
  • secure_mode - Secure format. Default value: secure_mode Possible values = asp_mode, secure_mode
  • type <String[]> Read-write Application firewall profile type, which controls which security checks and settings are applied to content that is filtered with the profile. Available settings function as follows
  • HTML - HTML-based web sites.
  • XML - XML-based web sites and services.
  • JSON - JSON-based web sites and services.
  • HTML XML (Web 2.0) - Sites that contain both HTML and XML content, such as ATOM feeds, blogs, and RSS feeds.
  • HTML JSON - Sites that contain both HTML and JSON content.
  • XML JSON - Sites that contain both XML and JSON content.
  • HTML XML JSON - Sites that contain HTML, XML and JSON content. Default value: HTML Possible values = HTML, XML, JSON
  • checkrequestheaders Read-write Check request headers as well as web forms for injected SQL and cross-site scripts.

    Default value: OFF

    Possible values = ON, OFF
    inspectquerycontenttypes <String[]> Read-write Inspect request query as well as web forms for injected SQL and cross-site scripts for following content types.

    Possible values = HTML, XML, JSON, OTHER
    optimizepartialreqs Read-write Optimize handle of HTTP partial requests i.e. those with range headers. Available settings are as follows
  • ON - Partial requests by the client result in partial requests to the backend server in most cases.
  • OFF - Partial requests by the client are changed to full requests to the backend server. Default value: ON Possible values = ON, OFF
  • urldecoderequestcookies Read-write URL Decode request cookies before subjecting them to SQL and cross-site scripting checks.

    Default value: OFF

    Possible values = ON, OFF
    comment Read-write Any comments about the purpose of profile, or other useful information about the profile.
    percentdecoderecursively Read-write Configure whether the application firewall should use percentage recursive decoding.

    Default value: ON

    Possible values = ON, OFF
    multipleheaderaction <String[]> Read-write One or more multiple header actions. Available settings function as follows
  • Block - Block connections that have multiple headers.
  • Log - Log connections that have multiple headers.
  • KeepLast - Keep only last header when multiple headers are present. Request headers inspected
  • Accept-Encoding
  • Content-Encoding
  • Content-Range
  • Content-Type
  • Host
  • Range
  • Referer CLI users: To enable one or more actions, type “set appfw profile -multipleHeaderAction” followed by the actions to be enabled. Possible values = block, keepLast, log, none
  • rfcprofile Read-write Object name of the rfc profile.

    Minimum length = 1
    fileuploadtypesaction <String[]> Read-write One or more file upload types actions. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -fileUploadTypeAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fileUploadTypeAction none”. Possible values = none, block, log, stats
  • verboseloglevel Read-write Detailed Logging Verbose Log Level.

    Default value: pattern

    Possible values = pattern, patternPayload, patternPayloadHeader
    insertcookiesamesiteattribute Read-write Configure whether application firewall should add samesite attribute for set-cookies.

    Default value: OFF

    Possible values = ON, OFF
    cookiesamesiteattribute Read-write Cookie Samesite attribute added to support adding cookie SameSite attribute for all set-cookies including appfw session cookies. Default value will be “SameSite=Lax”.

    Default value: LAX

    Possible values = None, LAX, STRICT
    sqlinjectionruletype Read-write Specifies SQL Injection rule type: ALLOW/DENY. If ALLOW rule type is configured then allow list rules are used, if DENY rule type is configured then deny rules are used.

    Default value: ALLOW

    Possible values = ALLOW, DENY
    fakeaccountdetection Read-write Fake account detection flag : ON/OFF. If set to ON fake account detection in enabled on ADC, if set to OFF fake account detection is disabled.

    Default value: OFF

    Possible values = ON, OFF
    geolocationlogging Read-write Enable Geo-Location Logging in CEF format logs for the profile.

    Possible values = ON, OFF
    ceflogging Read-write Enable CEF format logs for the profile.

    Possible values = ON, OFF
    blockkeywordaction <String[]> Read-write Block Keyword action. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -blockKeywordAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -blockKeywordAction none”. Default value: none Possible values = none, block, log, stats
  • jsonblockkeywordaction <String[]> Read-write JSON Block Keyword action. Available settings function as follows
  • Block - Block connections that violate this security check.
  • Log - Log violations of this security check.
  • Stats - Generate statistics for this security check.
  • None - Disable all actions for this security check. CLI users: To enable one or more actions, type “set appfw profile -JSONBlockKeywordAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONBlockKeywordAction none”. Default value: none Possible values = none, block, log, stats
  • as_prof_bypass_list_enable Read-write Enable bypass list for the profile.

    Default value: OFF

    Possible values = ON, OFF
    as_prof_deny_list_enable Read-write Enable deny list for the profile.

    Default value: OFF

    Possible values = ON, OFF
    sessioncookiename Read-write Name of the session cookie that the application firewall uses to track user sessions. Must begin with a letter or number, and can consist of from 1 to 31 letters, numbers, and the hyphen (-) and underscore (_) symbols. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my cookie name” or ‘my cookie name’). Minimum length = 1
    archivename Read-write Source for tar archive.

    Minimum length = 1
    relaxationrules Read-write Import all appfw relaxation rules.
    importprofilename Read-write Name of the profile which will be created/updated to associate the relaxation rules.

    Maximum length = 31
    matchurlstring Read-write Match this action url in archived Relaxation Rules to replace.

    Maximum length = 2047
    replaceurlstring Read-write Replace matched url string with this action url string while restoring Relaxation Rules.

    Maximum length = 2047
    overwrite Read-write Purge existing Relaxation Rules and replace during import.
    augment Read-write Augment Relaxation Rules during import.
    state Read-only Enabled.

    Possible values = ENABLED, DISABLED
    learning Read-only Profile level learning option that overrides the protection level learning. Available settings are as follows
  • ON - Honor all protection level learn settings.
  • OFF - Avoids learning for this profile for all protections ignoring protection level learn setting. Default value: ON Possible values = ON, OFF
  • csrftag Read-only The web form originating URL.
    builtin Read-only Indicates that a profile is a built-in entity.
    __count Read-only count parameter

    Operations

    (click to see Properties )

    • ADD
    • DELETE
    • UPDATE
    • UNSET
    • GET (ALL)
    • GET
    • COUNT
    • RESTORE

    Some options that you can use for each operations:

    • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

      http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

      If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

    • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

      To do this, you must specify the username and password in the request header of the NITRO request as follows:

      X-NITRO-USER: <username>

      X-NITRO-PASS: <password>

      Note: In such cases, make sure that the request header DOES not include the following:

      Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    *Note: * Mandatory parameters are marked in red and placeholder content is marked in green

    restore

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? action=restore HTTP Method: POST

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Content-Type:application/json

    Request Payload:

    {"appfwprofile":{
    <b>"archivename":<String_value>,
    </b>"relaxationrules":<Boolean_value>,
    "importprofilename":<String_value>,
    "matchurlstring":<String_value>,
    "replaceurlstring":<String_value>,
    "overwrite":<Boolean_value>,
    "augment":<Boolean_value>
    }}
    
    <!--NeedCopy-->
    

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    unset

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? action=unset HTTP Method: POST

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Content-Type:application/json

    Request Payload:

    {"appfwprofile":{
    <b>"name":<String_value>,
    </b>"starturlaction":true,
    "infercontenttypexmlpayloadaction":true,
    "contenttypeaction":true,
    "inspectcontenttypes":true,
    "starturlclosure":true,
    "denyurlaction":true,
    "refererheadercheck":true,
    "cookieconsistencyaction":true,
    "cookiehijackingaction":true,
    "cookietransforms":true,
    "cookieencryption":true,
    "cookieproxying":true,
    "addcookieflags":true,
    "fieldconsistencyaction":true,
    "csrftagaction":true,
    "crosssitescriptingaction":true,
    "crosssitescriptingtransformunsafehtml":true,
    "crosssitescriptingcheckcompleteurls":true,
    "sqlinjectionaction":true,
    "cmdinjectionaction":true,
    "cmdinjectiontype":true,
    "sqlinjectiontransformspecialchars":true,
    "sqlinjectiononlycheckfieldswithsqlchars":true,
    "sqlinjectiontype":true,
    "sqlinjectionchecksqlwildchars":true,
    "sqlinjectiongrammar":true,
    "cmdinjectiongrammar":true,
    "fieldformataction":true,
    "defaultfieldformattype":true,
    "defaultfieldformatminlength":true,
    "defaultfieldformatmaxlength":true,
    "fieldscan":true,
    "fieldscanlimit":true,
    "jsonfieldscan":true,
    "jsonfieldscanlimit":true,
    "messagescan":true,
    "messagescanlimit":true,
    "jsonmessagescan":true,
    "jsonmessagescanlimit":true,
    "messagescanlimitcontenttypes":true,
    "bufferoverflowaction":true,
    "grpcaction":true,
    "restaction":true,
    "bufferoverflowmaxurllength":true,
    "bufferoverflowmaxheaderlength":true,
    "bufferoverflowmaxcookielength":true,
    "bufferoverflowmaxquerylength":true,
    "bufferoverflowmaxtotalheaderlength":true,
    "creditcardaction":true,
    "creditcard":true,
    "creditcardmaxallowed":true,
    "creditcardxout":true,
    "dosecurecreditcardlogging":true,
    "streaming":true,
    "trace":true,
    "requestcontenttype":true,
    "responsecontenttype":true,
    "jsonerrorobject":true,
    "jsonerrorstatuscode":true,
    "jsonerrorstatusmessage":true,
    "apispec":true,
    "protofileobject":true,
    "jsondosaction":true,
    "jsonsqlinjectionaction":true,
    "jsonsqlinjectiontype":true,
    "jsonsqlinjectiongrammar":true,
    "jsoncmdinjectionaction":true,
    "jsoncmdinjectiontype":true,
    "jsoncmdinjectiongrammar":true,
    "jsonxssaction":true,
    "xmldosaction":true,
    "xmlformataction":true,
    "xmlsqlinjectionaction":true,
    "xmlsqlinjectiononlycheckfieldswithsqlchars":true,
    "xmlsqlinjectiontype":true,
    "xmlsqlinjectionchecksqlwildchars":true,
    "xmlsqlinjectionparsecomments":true,
    "xmlxssaction":true,
    "xmlwsiaction":true,
    "xmlattachmentaction":true,
    "xmlvalidationaction":true,
    "xmlerrorobject":true,
    "xmlerrorstatuscode":true,
    "xmlerrorstatusmessage":true,
    "customsettings":true,
    "signatures":true,
    "xmlsoapfaultaction":true,
    "usehtmlerrorobject":true,
    "errorurl":true,
    "htmlerrorobject":true,
    "htmlerrorstatuscode":true,
    "htmlerrorstatusmessage":true,
    "logeverypolicyhit":true,
    "stripcomments":true,
    "striphtmlcomments":true,
    "stripxmlcomments":true,
    "clientipexpression":true,
    "dynamiclearning":true,
    "exemptclosureurlsfromsecuritychecks":true,
    "defaultcharset":true,
    "postbodylimit":true,
    "postbodylimitaction":true,
    "postbodylimitsignature":true,
    "fileuploadmaxnum":true,
    "canonicalizehtmlresponse":true,
    "enableformtagging":true,
    "sessionlessfieldconsistency":true,
    "sessionlessurlclosure":true,
    "semicolonfieldseparator":true,
    "excludefileuploadfromchecks":true,
    "sqlinjectionparsecomments":true,
    "invalidpercenthandling":true,
    "type":true,
    "checkrequestheaders":true,
    "inspectquerycontenttypes":true,
    "optimizepartialreqs":true,
    "urldecoderequestcookies":true,
    "comment":true,
    "percentdecoderecursively":true,
    "multipleheaderaction":true,
    "rfcprofile":true,
    "fileuploadtypesaction":true,
    "verboseloglevel":true,
    "insertcookiesamesiteattribute":true,
    "cookiesamesiteattribute":true,
    "sqlinjectionruletype":true,
    "fakeaccountdetection":true,
    "geolocationlogging":true,
    "ceflogging":true,
    "blockkeywordaction":true,
    "jsonblockkeywordaction":true,
    "as_prof_bypass_list_enable":true,
    "as_prof_deny_list_enable":true,
    "sessioncookiename":true
    }}
    
    <!--NeedCopy-->
    

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    delete

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile/ name_value<String> HTTP Method: DELETE

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    update

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile HTTP Method: PUT

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Content-Type:application/json

    Request Payload:

    {"appfwprofile":{
    <b>"name":<String_value>,
    </b>"starturlaction":<String[]_value>,
    "infercontenttypexmlpayloadaction":<String[]_value>,
    "contenttypeaction":<String[]_value>,
    "inspectcontenttypes":<String[]_value>,
    "starturlclosure":<String_value>,
    "denyurlaction":<String[]_value>,
    "refererheadercheck":<String_value>,
    "cookieconsistencyaction":<String[]_value>,
    "cookiehijackingaction":<String[]_value>,
    "cookietransforms":<String_value>,
    "cookieencryption":<String_value>,
    "cookieproxying":<String_value>,
    "addcookieflags":<String_value>,
    "fieldconsistencyaction":<String[]_value>,
    "csrftagaction":<String[]_value>,
    "crosssitescriptingaction":<String[]_value>,
    "crosssitescriptingtransformunsafehtml":<String_value>,
    "crosssitescriptingcheckcompleteurls":<String_value>,
    "sqlinjectionaction":<String[]_value>,
    "cmdinjectionaction":<String[]_value>,
    "cmdinjectiontype":<String_value>,
    "sqlinjectiontransformspecialchars":<String_value>,
    "sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "sqlinjectiontype":<String_value>,
    "sqlinjectionchecksqlwildchars":<String_value>,
    "sqlinjectiongrammar":<String_value>,
    "cmdinjectiongrammar":<String_value>,
    "fieldformataction":<String[]_value>,
    "defaultfieldformattype":<String_value>,
    "defaultfieldformatminlength":<Double_value>,
    "defaultfieldformatmaxlength":<Double_value>,
    "fieldscan":<String_value>,
    "fieldscanlimit":<Double_value>,
    "jsonfieldscan":<String_value>,
    "jsonfieldscanlimit":<Double_value>,
    "messagescan":<String_value>,
    "messagescanlimit":<Double_value>,
    "jsonmessagescan":<String_value>,
    "jsonmessagescanlimit":<Double_value>,
    "messagescanlimitcontenttypes":<String[]_value>,
    "bufferoverflowaction":<String[]_value>,
    "grpcaction":<String[]_value>,
    "restaction":<String[]_value>,
    "bufferoverflowmaxurllength":<Double_value>,
    "bufferoverflowmaxheaderlength":<Double_value>,
    "bufferoverflowmaxcookielength":<Double_value>,
    "bufferoverflowmaxquerylength":<Double_value>,
    "bufferoverflowmaxtotalheaderlength":<Double_value>,
    "creditcardaction":<String[]_value>,
    "creditcard":<String[]_value>,
    "creditcardmaxallowed":<Double_value>,
    "creditcardxout":<String_value>,
    "dosecurecreditcardlogging":<String_value>,
    "streaming":<String_value>,
    "trace":<String_value>,
    "requestcontenttype":<String_value>,
    "responsecontenttype":<String_value>,
    "jsonerrorobject":<String_value>,
    "jsonerrorstatuscode":<Double_value>,
    "jsonerrorstatusmessage":<String_value>,
    "apispec":<String_value>,
    "protofileobject":<String_value>,
    "jsondosaction":<String[]_value>,
    "jsonsqlinjectionaction":<String[]_value>,
    "jsonsqlinjectiontype":<String_value>,
    "jsonsqlinjectiongrammar":<String_value>,
    "jsoncmdinjectionaction":<String[]_value>,
    "jsoncmdinjectiontype":<String_value>,
    "jsoncmdinjectiongrammar":<String_value>,
    "jsonxssaction":<String[]_value>,
    "xmldosaction":<String[]_value>,
    "xmlformataction":<String[]_value>,
    "xmlsqlinjectionaction":<String[]_value>,
    "xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "xmlsqlinjectiontype":<String_value>,
    "xmlsqlinjectionchecksqlwildchars":<String_value>,
    "xmlsqlinjectionparsecomments":<String_value>,
    "xmlxssaction":<String[]_value>,
    "xmlwsiaction":<String[]_value>,
    "xmlattachmentaction":<String[]_value>,
    "xmlvalidationaction":<String[]_value>,
    "xmlerrorobject":<String_value>,
    "xmlerrorstatuscode":<Double_value>,
    "xmlerrorstatusmessage":<String_value>,
    "customsettings":<String_value>,
    "signatures":<String_value>,
    "xmlsoapfaultaction":<String[]_value>,
    "usehtmlerrorobject":<String_value>,
    "errorurl":<String_value>,
    "htmlerrorobject":<String_value>,
    "htmlerrorstatuscode":<Double_value>,
    "htmlerrorstatusmessage":<String_value>,
    "logeverypolicyhit":<String_value>,
    "stripcomments":<String_value>,
    "striphtmlcomments":<String_value>,
    "stripxmlcomments":<String_value>,
    "clientipexpression":<String_value>,
    "dynamiclearning":<String[]_value>,
    "exemptclosureurlsfromsecuritychecks":<String_value>,
    "defaultcharset":<String_value>,
    "postbodylimit":<Double_value>,
    "postbodylimitaction":<String[]_value>,
    "postbodylimitsignature":<Double_value>,
    "fileuploadmaxnum":<Double_value>,
    "canonicalizehtmlresponse":<String_value>,
    "enableformtagging":<String_value>,
    "sessionlessfieldconsistency":<String_value>,
    "sessionlessurlclosure":<String_value>,
    "semicolonfieldseparator":<String_value>,
    "excludefileuploadfromchecks":<String_value>,
    "sqlinjectionparsecomments":<String_value>,
    "invalidpercenthandling":<String_value>,
    "type":<String[]_value>,
    "checkrequestheaders":<String_value>,
    "inspectquerycontenttypes":<String[]_value>,
    "optimizepartialreqs":<String_value>,
    "urldecoderequestcookies":<String_value>,
    "comment":<String_value>,
    "percentdecoderecursively":<String_value>,
    "multipleheaderaction":<String[]_value>,
    "rfcprofile":<String_value>,
    "fileuploadtypesaction":<String[]_value>,
    "verboseloglevel":<String_value>,
    "insertcookiesamesiteattribute":<String_value>,
    "cookiesamesiteattribute":<String_value>,
    "sqlinjectionruletype":<String_value>,
    "fakeaccountdetection":<String_value>,
    "geolocationlogging":<String_value>,
    "ceflogging":<String_value>,
    "blockkeywordaction":<String[]_value>,
    "jsonblockkeywordaction":<String[]_value>,
    "as_prof_bypass_list_enable":<String_value>,
    "as_prof_deny_list_enable":<String_value>,
    "sessioncookiename":<String_value>
    }}
    
    <!--NeedCopy-->
    

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    add

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile HTTP Method: POST

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Content-Type:application/json

    Request Payload:

    {"appfwprofile":{
    <b>"name":<String_value>,
    </b>"defaults":<String_value>,
    "starturlaction":<String[]_value>,
    "infercontenttypexmlpayloadaction":<String[]_value>,
    "contenttypeaction":<String[]_value>,
    "inspectcontenttypes":<String[]_value>,
    "starturlclosure":<String_value>,
    "denyurlaction":<String[]_value>,
    "refererheadercheck":<String_value>,
    "cookieconsistencyaction":<String[]_value>,
    "cookiehijackingaction":<String[]_value>,
    "cookietransforms":<String_value>,
    "cookieencryption":<String_value>,
    "cookieproxying":<String_value>,
    "addcookieflags":<String_value>,
    "fieldconsistencyaction":<String[]_value>,
    "csrftagaction":<String[]_value>,
    "crosssitescriptingaction":<String[]_value>,
    "crosssitescriptingtransformunsafehtml":<String_value>,
    "crosssitescriptingcheckcompleteurls":<String_value>,
    "sqlinjectionaction":<String[]_value>,
    "cmdinjectionaction":<String[]_value>,
    "cmdinjectiontype":<String_value>,
    "sqlinjectiongrammar":<String_value>,
    "cmdinjectiongrammar":<String_value>,
    "fieldscan":<String_value>,
    "fieldscanlimit":<Double_value>,
    "jsonfieldscan":<String_value>,
    "jsonfieldscanlimit":<Double_value>,
    "messagescan":<String_value>,
    "messagescanlimit":<Double_value>,
    "jsonmessagescan":<String_value>,
    "jsonmessagescanlimit":<Double_value>,
    "messagescanlimitcontenttypes":<String[]_value>,
    "sqlinjectiontransformspecialchars":<String_value>,
    "sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "sqlinjectiontype":<String_value>,
    "sqlinjectionchecksqlwildchars":<String_value>,
    "fieldformataction":<String[]_value>,
    "defaultfieldformattype":<String_value>,
    "defaultfieldformatminlength":<Double_value>,
    "defaultfieldformatmaxlength":<Double_value>,
    "bufferoverflowaction":<String[]_value>,
    "grpcaction":<String[]_value>,
    "restaction":<String[]_value>,
    "bufferoverflowmaxurllength":<Double_value>,
    "bufferoverflowmaxheaderlength":<Double_value>,
    "bufferoverflowmaxcookielength":<Double_value>,
    "bufferoverflowmaxquerylength":<Double_value>,
    "bufferoverflowmaxtotalheaderlength":<Double_value>,
    "creditcardaction":<String[]_value>,
    "creditcard":<String[]_value>,
    "creditcardmaxallowed":<Double_value>,
    "creditcardxout":<String_value>,
    "dosecurecreditcardlogging":<String_value>,
    "streaming":<String_value>,
    "trace":<String_value>,
    "requestcontenttype":<String_value>,
    "responsecontenttype":<String_value>,
    "jsonerrorobject":<String_value>,
    "apispec":<String_value>,
    "protofileobject":<String_value>,
    "jsonerrorstatuscode":<Double_value>,
    "jsonerrorstatusmessage":<String_value>,
    "jsondosaction":<String[]_value>,
    "jsonsqlinjectionaction":<String[]_value>,
    "jsonsqlinjectiontype":<String_value>,
    "jsonsqlinjectiongrammar":<String_value>,
    "jsoncmdinjectionaction":<String[]_value>,
    "jsoncmdinjectiontype":<String_value>,
    "jsoncmdinjectiongrammar":<String_value>,
    "jsonxssaction":<String[]_value>,
    "xmldosaction":<String[]_value>,
    "xmlformataction":<String[]_value>,
    "xmlsqlinjectionaction":<String[]_value>,
    "xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "xmlsqlinjectiontype":<String_value>,
    "xmlsqlinjectionchecksqlwildchars":<String_value>,
    "xmlsqlinjectionparsecomments":<String_value>,
    "xmlxssaction":<String[]_value>,
    "xmlwsiaction":<String[]_value>,
    "xmlattachmentaction":<String[]_value>,
    "xmlvalidationaction":<String[]_value>,
    "xmlerrorobject":<String_value>,
    "xmlerrorstatuscode":<Double_value>,
    "xmlerrorstatusmessage":<String_value>,
    "customsettings":<String_value>,
    "signatures":<String_value>,
    "xmlsoapfaultaction":<String[]_value>,
    "usehtmlerrorobject":<String_value>,
    "errorurl":<String_value>,
    "htmlerrorobject":<String_value>,
    "htmlerrorstatuscode":<Double_value>,
    "htmlerrorstatusmessage":<String_value>,
    "logeverypolicyhit":<String_value>,
    "stripcomments":<String_value>,
    "striphtmlcomments":<String_value>,
    "stripxmlcomments":<String_value>,
    "exemptclosureurlsfromsecuritychecks":<String_value>,
    "defaultcharset":<String_value>,
    "clientipexpression":<String_value>,
    "dynamiclearning":<String[]_value>,
    "postbodylimit":<Double_value>,
    "postbodylimitaction":<String[]_value>,
    "postbodylimitsignature":<Double_value>,
    "fileuploadmaxnum":<Double_value>,
    "canonicalizehtmlresponse":<String_value>,
    "enableformtagging":<String_value>,
    "sessionlessfieldconsistency":<String_value>,
    "sessionlessurlclosure":<String_value>,
    "semicolonfieldseparator":<String_value>,
    "excludefileuploadfromchecks":<String_value>,
    "sqlinjectionparsecomments":<String_value>,
    "invalidpercenthandling":<String_value>,
    "type":<String[]_value>,
    "checkrequestheaders":<String_value>,
    "inspectquerycontenttypes":<String[]_value>,
    "optimizepartialreqs":<String_value>,
    "urldecoderequestcookies":<String_value>,
    "comment":<String_value>,
    "percentdecoderecursively":<String_value>,
    "multipleheaderaction":<String[]_value>,
    "rfcprofile":<String_value>,
    "fileuploadtypesaction":<String[]_value>,
    "verboseloglevel":<String_value>,
    "insertcookiesamesiteattribute":<String_value>,
    "cookiesamesiteattribute":<String_value>,
    "sqlinjectionruletype":<String_value>,
    "fakeaccountdetection":<String_value>,
    "geolocationlogging":<String_value>,
    "ceflogging":<String_value>,
    "blockkeywordaction":<String[]_value>,
    "jsonblockkeywordaction":<String[]_value>,
    "as_prof_bypass_list_enable":<String_value>,
    "as_prof_deny_list_enable":<String_value>,
    "sessioncookiename":<String_value>
    }}
    
    <!--NeedCopy-->
    

    Response: HTTP Status Code on Success: 201 Created

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    get (all)

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile Query-parameters: attrs http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? attrs=property-name1,property-name2

    Use this query parameter to specify the resource details that you want to retrieve.

    filter http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? filter=property-name1:property-val1,property-name2:property-val2

    Use this query-parameter to get the filtered set of appfwprofile resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

    view http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? view=summary

    Use this query-parameter to get the summary output of appfwprofile resources configured on NetScaler.

    Note: By default, the retrieved results are displayed in detail view (?view=detail).

    pagination http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? pagesize=#no;pageno=#no

    Use this query-parameter to get the appfwprofile resources in chunks.

    HTTP Method: GET

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Accept:application/json

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    Response Header:

    Content-Type:application/json

    Response Payload:

    { "appfwprofile": [ {
    "name":<String_value>,
    "type":<String[]_value>,
    "state":<String_value>,
    "defaults":<String_value>,
    "usehtmlerrorobject":<String_value>,
    "errorurl":<String_value>,
    "htmlerrorobject":<String_value>,
    "htmlerrorstatuscode":<Double_value>,
    "htmlerrorstatusmessage":<String_value>,
    "logeverypolicyhit":<String_value>,
    "stripcomments":<String_value>,
    "striphtmlcomments":<String_value>,
    "stripxmlcomments":<String_value>,
    "defaultcharset":<String_value>,
    "postbodylimit":<Double_value>,
    "postbodylimitaction":<String[]_value>,
    "clientipexpression":<String_value>,
    "dynamiclearning":<String[]_value>,
    "postbodylimitsignature":<Double_value>,
    "learning":<String_value>,
    "fileuploadmaxnum":<Double_value>,
    "canonicalizehtmlresponse":<String_value>,
    "enableformtagging":<String_value>,
    "sessionlessfieldconsistency":<String_value>,
    "sessionlessurlclosure":<String_value>,
    "semicolonfieldseparator":<String_value>,
    "excludefileuploadfromchecks":<String_value>,
    "sqlinjectionparsecomments":<String_value>,
    "checkrequestheaders":<String_value>,
    "inspectquerycontenttypes":<String[]_value>,
    "optimizepartialreqs":<String_value>,
    "urldecoderequestcookies":<String_value>,
    "starturlaction":<String[]_value>,
    "infercontenttypexmlpayloadaction":<String[]_value>,
    "contenttypeaction":<String[]_value>,
    "inspectcontenttypes":<String[]_value>,
    "starturlclosure":<String_value>,
    "denyurlaction":<String[]_value>,
    "refererheadercheck":<String_value>,
    "csrftagaction":<String[]_value>,
    "csrftag":<String_value>,
    "crosssitescriptingaction":<String[]_value>,
    "crosssitescriptingtransformunsafehtml":<String_value>,
    "crosssitescriptingcheckcompleteurls":<String_value>,
    "exemptclosureurlsfromsecuritychecks":<String_value>,
    "sqlinjectionaction":<String[]_value>,
    "cmdinjectionaction":<String[]_value>,
    "sqlinjectiontransformspecialchars":<String_value>,
    "sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "sqlinjectiontype":<String_value>,
    "cmdinjectiontype":<String_value>,
    "sqlinjectiongrammar":<String_value>,
    "cmdinjectiongrammar":<String_value>,
    "fieldscan":<String_value>,
    "fieldscanlimit":<Double_value>,
    "jsonfieldscan":<String_value>,
    "jsonfieldscanlimit":<Double_value>,
    "messagescan":<String_value>,
    "messagescanlimit":<Double_value>,
    "jsonmessagescan":<String_value>,
    "jsonmessagescanlimit":<Double_value>,
    "messagescanlimitcontenttypes":<String[]_value>,
    "sqlinjectionchecksqlwildchars":<String_value>,
    "invalidpercenthandling":<String_value>,
    "fieldconsistencyaction":<String[]_value>,
    "cookieconsistencyaction":<String[]_value>,
    "cookiehijackingaction":<String[]_value>,
    "cookietransforms":<String_value>,
    "cookieencryption":<String_value>,
    "cookieproxying":<String_value>,
    "addcookieflags":<String_value>,
    "bufferoverflowaction":<String[]_value>,
    "grpcaction":<String[]_value>,
    "restaction":<String[]_value>,
    "bufferoverflowmaxurllength":<Double_value>,
    "bufferoverflowmaxheaderlength":<Double_value>,
    "bufferoverflowmaxcookielength":<Double_value>,
    "bufferoverflowmaxquerylength":<Double_value>,
    "bufferoverflowmaxtotalheaderlength":<Double_value>,
    "fieldformataction":<String[]_value>,
    "defaultfieldformattype":<String_value>,
    "defaultfieldformatminlength":<Double_value>,
    "defaultfieldformatmaxlength":<Double_value>,
    "creditcardaction":<String[]_value>,
    "creditcard":<String[]_value>,
    "creditcardmaxallowed":<Double_value>,
    "creditcardxout":<String_value>,
    "dosecurecreditcardlogging":<String_value>,
    "streaming":<String_value>,
    "trace":<String_value>,
    "requestcontenttype":<String_value>,
    "responsecontenttype":<String_value>,
    "xmlerrorobject":<String_value>,
    "xmlerrorstatuscode":<Double_value>,
    "xmlerrorstatusmessage":<String_value>,
    "signatures":<String_value>,
    "xmlformataction":<String[]_value>,
    "xmldosaction":<String[]_value>,
    "xmlsqlinjectionaction":<String[]_value>,
    "xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "xmlsqlinjectiontype":<String_value>,
    "xmlsqlinjectionchecksqlwildchars":<String_value>,
    "xmlsqlinjectionparsecomments":<String_value>,
    "xmlxssaction":<String[]_value>,
    "xmlwsiaction":<String[]_value>,
    "xmlattachmentaction":<String[]_value>,
    "xmlvalidationaction":<String[]_value>,
    "xmlsoapfaultaction":<String[]_value>,
    "builtin":<Boolean_value>,
    "comment":<String_value>,
    "percentdecoderecursively":<String_value>,
    "multipleheaderaction":<String[]_value>,
    "rfcprofile":<String_value>,
    "apispec":<String_value>,
    "protofileobject":<String_value>,
    "jsonerrorobject":<String_value>,
    "jsonerrorstatuscode":<Double_value>,
    "jsonerrorstatusmessage":<String_value>,
    "jsondosaction":<String[]_value>,
    "jsonsqlinjectionaction":<String[]_value>,
    "jsonsqlinjectiontype":<String_value>,
    "jsonsqlinjectiongrammar":<String_value>,
    "jsoncmdinjectionaction":<String[]_value>,
    "jsoncmdinjectiontype":<String_value>,
    "jsoncmdinjectiongrammar":<String_value>,
    "jsonxssaction":<String[]_value>,
    "fileuploadtypesaction":<String[]_value>,
    "verboseloglevel":<String_value>,
    "insertcookiesamesiteattribute":<String_value>,
    "cookiesamesiteattribute":<String_value>,
    "sqlinjectionruletype":<String_value>,
    "fakeaccountdetection":<String_value>,
    "geolocationlogging":<String_value>,
    "ceflogging":<String_value>,
    "blockkeywordaction":<String[]_value>,
    "jsonblockkeywordaction":<String[]_value>,
    "as_prof_bypass_list_enable":<String_value>,
    "as_prof_deny_list_enable":<String_value>,
    "sessioncookiename":<String_value>
    }]}
    
    <!--NeedCopy-->
    

    get

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile/ name_value<String> Query-parameters: attrs http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile/ name_value<String> ? attrs=property-name1,property-name2

    Use this query parameter to specify the resource details that you want to retrieve.

    view http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile/ name_value<String> ? view=summary

    Use this query-parameter to get the summary output of appfwprofile resources configured on NetScaler.

    Note: By default, the retrieved results are displayed in detail view (?view=detail).

    HTTP Method: GET

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Accept:application/json

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    Response Header:

    Content-Type:application/json

    Response Payload:

    {  "appfwprofile": [ {
    "name":<String_value>,
    "type":<String[]_value>,
    "state":<String_value>,
    "defaults":<String_value>,
    "usehtmlerrorobject":<String_value>,
    "errorurl":<String_value>,
    "htmlerrorobject":<String_value>,
    "htmlerrorstatuscode":<Double_value>,
    "htmlerrorstatusmessage":<String_value>,
    "logeverypolicyhit":<String_value>,
    "stripcomments":<String_value>,
    "striphtmlcomments":<String_value>,
    "stripxmlcomments":<String_value>,
    "defaultcharset":<String_value>,
    "postbodylimit":<Double_value>,
    "postbodylimitaction":<String[]_value>,
    "clientipexpression":<String_value>,
    "dynamiclearning":<String[]_value>,
    "postbodylimitsignature":<Double_value>,
    "learning":<String_value>,
    "fileuploadmaxnum":<Double_value>,
    "canonicalizehtmlresponse":<String_value>,
    "enableformtagging":<String_value>,
    "sessionlessfieldconsistency":<String_value>,
    "sessionlessurlclosure":<String_value>,
    "semicolonfieldseparator":<String_value>,
    "excludefileuploadfromchecks":<String_value>,
    "sqlinjectionparsecomments":<String_value>,
    "checkrequestheaders":<String_value>,
    "inspectquerycontenttypes":<String[]_value>,
    "optimizepartialreqs":<String_value>,
    "urldecoderequestcookies":<String_value>,
    "starturlaction":<String[]_value>,
    "infercontenttypexmlpayloadaction":<String[]_value>,
    "contenttypeaction":<String[]_value>,
    "inspectcontenttypes":<String[]_value>,
    "starturlclosure":<String_value>,
    "denyurlaction":<String[]_value>,
    "refererheadercheck":<String_value>,
    "csrftagaction":<String[]_value>,
    "csrftag":<String_value>,
    "crosssitescriptingaction":<String[]_value>,
    "crosssitescriptingtransformunsafehtml":<String_value>,
    "crosssitescriptingcheckcompleteurls":<String_value>,
    "exemptclosureurlsfromsecuritychecks":<String_value>,
    "sqlinjectionaction":<String[]_value>,
    "cmdinjectionaction":<String[]_value>,
    "sqlinjectiontransformspecialchars":<String_value>,
    "sqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "sqlinjectiontype":<String_value>,
    "cmdinjectiontype":<String_value>,
    "sqlinjectiongrammar":<String_value>,
    "cmdinjectiongrammar":<String_value>,
    "fieldscan":<String_value>,
    "fieldscanlimit":<Double_value>,
    "jsonfieldscan":<String_value>,
    "jsonfieldscanlimit":<Double_value>,
    "messagescan":<String_value>,
    "messagescanlimit":<Double_value>,
    "jsonmessagescan":<String_value>,
    "jsonmessagescanlimit":<Double_value>,
    "messagescanlimitcontenttypes":<String[]_value>,
    "sqlinjectionchecksqlwildchars":<String_value>,
    "invalidpercenthandling":<String_value>,
    "fieldconsistencyaction":<String[]_value>,
    "cookieconsistencyaction":<String[]_value>,
    "cookiehijackingaction":<String[]_value>,
    "cookietransforms":<String_value>,
    "cookieencryption":<String_value>,
    "cookieproxying":<String_value>,
    "addcookieflags":<String_value>,
    "bufferoverflowaction":<String[]_value>,
    "grpcaction":<String[]_value>,
    "restaction":<String[]_value>,
    "bufferoverflowmaxurllength":<Double_value>,
    "bufferoverflowmaxheaderlength":<Double_value>,
    "bufferoverflowmaxcookielength":<Double_value>,
    "bufferoverflowmaxquerylength":<Double_value>,
    "bufferoverflowmaxtotalheaderlength":<Double_value>,
    "fieldformataction":<String[]_value>,
    "defaultfieldformattype":<String_value>,
    "defaultfieldformatminlength":<Double_value>,
    "defaultfieldformatmaxlength":<Double_value>,
    "creditcardaction":<String[]_value>,
    "creditcard":<String[]_value>,
    "creditcardmaxallowed":<Double_value>,
    "creditcardxout":<String_value>,
    "dosecurecreditcardlogging":<String_value>,
    "streaming":<String_value>,
    "trace":<String_value>,
    "requestcontenttype":<String_value>,
    "responsecontenttype":<String_value>,
    "xmlerrorobject":<String_value>,
    "xmlerrorstatuscode":<Double_value>,
    "xmlerrorstatusmessage":<String_value>,
    "signatures":<String_value>,
    "xmlformataction":<String[]_value>,
    "xmldosaction":<String[]_value>,
    "xmlsqlinjectionaction":<String[]_value>,
    "xmlsqlinjectiononlycheckfieldswithsqlchars":<String_value>,
    "xmlsqlinjectiontype":<String_value>,
    "xmlsqlinjectionchecksqlwildchars":<String_value>,
    "xmlsqlinjectionparsecomments":<String_value>,
    "xmlxssaction":<String[]_value>,
    "xmlwsiaction":<String[]_value>,
    "xmlattachmentaction":<String[]_value>,
    "xmlvalidationaction":<String[]_value>,
    "xmlsoapfaultaction":<String[]_value>,
    "builtin":<Boolean_value>,
    "comment":<String_value>,
    "percentdecoderecursively":<String_value>,
    "multipleheaderaction":<String[]_value>,
    "rfcprofile":<String_value>,
    "apispec":<String_value>,
    "protofileobject":<String_value>,
    "jsonerrorobject":<String_value>,
    "jsonerrorstatuscode":<Double_value>,
    "jsonerrorstatusmessage":<String_value>,
    "jsondosaction":<String[]_value>,
    "jsonsqlinjectionaction":<String[]_value>,
    "jsonsqlinjectiontype":<String_value>,
    "jsonsqlinjectiongrammar":<String_value>,
    "jsoncmdinjectionaction":<String[]_value>,
    "jsoncmdinjectiontype":<String_value>,
    "jsoncmdinjectiongrammar":<String_value>,
    "jsonxssaction":<String[]_value>,
    "fileuploadtypesaction":<String[]_value>,
    "verboseloglevel":<String_value>,
    "insertcookiesamesiteattribute":<String_value>,
    "cookiesamesiteattribute":<String_value>,
    "sqlinjectionruletype":<String_value>,
    "fakeaccountdetection":<String_value>,
    "geolocationlogging":<String_value>,
    "ceflogging":<String_value>,
    "blockkeywordaction":<String[]_value>,
    "jsonblockkeywordaction":<String[]_value>,
    "as_prof_bypass_list_enable":<String_value>,
    "as_prof_deny_list_enable":<String_value>,
    "sessioncookiename":<String_value>
    }]}
    
    <!--NeedCopy-->
    

    count

    URL: http:// <netscaler-ip-address> /nitro/v1/config/appfwprofile? count=yes HTTP Method: GET

    Request Headers:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

    Accept:application/json

    Response: HTTP Status Code on Success: 200 OK

    HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

    Response Header:

    Content-Type:application/json

    Response Payload:

    { "appfwprofile": [ { "__count": "#no"} ] }
    
    <!--NeedCopy-->
    
    appfwprofile