Citrix DaaS Administration — Question 2

Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called "mycompany.com". As a security measure, the shopping cart application is hosted on a separate directory "/mycart" on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is allied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

Answer options

• A. http.req.url. contains("/mycart") & http:req.url.hostname.eq("mycompany.com")
• B. http.req.url. contains("/mycart") || http:req.url.hostname.eq("mycompany.com")
• C. http.req.header ("url").contains ("/mycart") || http.req.url.contains ("mycompany.com")
• D. http.req.header ("url").contains ("/mycart") && http:req.url.contains ("mycompy.com")

Correct answer: A

Explanation

The correct answer, A, uses the & operator to ensure that both conditions must be true: the request URL must contain '/mycart' and the hostname must be 'mycompany.com'. Option B incorrectly uses the || operator, which would allow either condition to be true, potentially exposing the application. Options C and D contain syntax errors and incorrect logic that do not meet the requirements for the policy expression.