WAF Policies and Profiles

Before actually enabling the WAF feature on your production Citrix ADC, you should read this article!
Waf will change the behavior of all your vServers!

We find Citrix WAF in the security section. Similar to all other features, a WAF policy consists of a profile (action) and an expression. (the difference between a profile and an action is the complexity. WAF profiles are highly complex)

Setting up the test environment

Create a new load-balancing vServer. We use HTTP to make debugging a bit easier. We don’t explain how to do load-balancing. Go to this chapter if you don’t already know (WAF is not suitable for beginners!)


  • name: lb_vs_waf
  • Protocol: HTTP
  • Address type: IP Adress
  • IP address:
  • Port: 80


If you didn’t already create this service, create a service for our red test environment and bind it to the vServer lb_vs_waf

  • name: sc_red
  • Protocol: HTTP
  • Port: 80
  • Server: red.wonderkitchen.network (

The WAF Profile

Go to Security → Citrix Web Application Firewall → Profiles. Create a new profile.

  • name: waf_prof_simple
  • Profile Type:
  • Defaults: Basic

Don’t do any changes to this profile by now.Citrix ADC WAF profile

The WAF Policy

Go to Security → Citrix Web Application Firewall → Firewall → Policies. Create a new policy.

  • name: waf_pol_simple
  • expression: true
  • profile: waf_prof_simple

Citrix ADC WAF Policy

Bind this policy to lb_vs_waf.

Leave a Comment

Your email address will not be published. Required fields are marked *