Citrix ADC 13 Advanced Topics – Security, Management and Optimization — Question 15
To protect an environment against Hash DoS attacks, which two configurations can a Citrix Administrator use to block all POST requests that are larger than 10,000 bytes? (Choose two.)
Answer options
- A.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\")&& http.REQ.CONTENT_LENGTH.GT(10000)"
  > add rewrite policy drop_rewrite expr_hashdos_prevention DROP
  > bind rewrite global drop_rewrite 100 END -type REQ_OVERRIDE
- B.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\")&& http.REQ.CONTENT_LENGTH.GT(10000)"
  > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP
  > bind responder global pol_resp_hashdos_prevention 70 END -type REQ_OVERRIDE
- C.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)"
  > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP
  > bind responder global pol_resp_hashdos_prevention 70 END -type REQ_OVERRIDE
- D.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)"
  > add rewrite policy drop_rewrite expr_hashdos_prevention DROP
  > bind rewrite global drop_rewrite 70 END -type REQ_OVERRIDE
- E.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)"
  > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP
  > bind responder global pol_resp_hashdos_prevention 100 END -type REQ_OVERRIDE
- F.
  > add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)"
  > add rewrite policy drop_rewrite expr_hashdos_prevention DROP
  > bind rewrite global drop_rewrite 100 END -type REQ_OVERRIDE
Correct answer: A, B
Explanation
Options A and B are correct because they use the correct condition to target POST requests with a content length greater than 10,000 bytes and apply the appropriate action to drop such requests. Options C, D, E, and F are incorrect because they either use '||' instead of '&&', so the condition no longer matches only POST requests larger than 10,000 bytes, or they do not apply the correct method for blocking POST requests.