Citrix DaaS Administration — Question 7
A Citrix Engineer needs to configure an application firewall profile to ensure that the images uploaded on the website are NOT malicious. The engineer needs to create a policy to filter the upload requests and ensure that they are in JPEG format.
Which expression can the engineer use to fulfill this requirement?
Answer options
- A. http.req.url.endswith(".jpeg") && http.req.method.eq(POST)
- B. http.req.url.contains(".jpeg") && http.req.method.eq(GET)
- C. http.req.url.endswith(".jpeg") || http.req.method.eq(GET)
- D. http.req.header("Content-Type").contains("image/jpeg") || http.req.method.eq(POST)
Correct answer: D
Explanation
The correct answer is D because it checks the 'Content-Type' header for 'image/jpeg', ensuring that the upload is indeed a JPEG image, and also allows POST requests. The other options either use incorrect methods, check for GET requests instead of POST, or do not validate the content type effectively.