Citrix ADC 13 Administrator — Question 21

Which two configurations can a Citrix Administrator use to block all the post requests that are larger than 10,000 bytes in order to protect the environment against
HashDoS attacks? (Choose two.)

Answer options

• A. add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") && http.REQ.CONTENT_LENGTH.GT(10000)" add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP bind responder global pol_resp_hashdos_prevention 70 END type REQ_OVERRIDE
• B. add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") && http.REQ.CONTENT_LENGTH.GT(10000)" add rewrite policy drop_rewrite expr_hashdos_prevention DROP bind rewrite global drop_rewrite 100 END type REQ_OVERRIDE
• C. add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)" add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP bind responder global pol_resp_hashdos_prevention 70 END type REQ_OVERRIDE
• D. add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)" add rewrite policy drop_rewrite expr_hashdos_prevention DROP

Correct answer: A, C

Explanation

The correct answers, A and C, utilize '&&' in option A and '||' in option C to accurately target the specific post request size limitation. Option B incorrectly uses a rewrite policy, which is not suitable for blocking requests, and option D uses '||' which allows requests that meet only one condition, failing to restrict the post requests effectively.