Make sure and keep up to date from Citrix with the CVE-2021-44228. https://support.citrix.com/article/CTX335705

This link has the mitigations for the WAF and a Responder policy. https://www.citrix.com/blogs/2021/12/13/guidance-for-reducing-apache-log4j-security-vulnerability-risk-with-citrix-waf/