This is something, people tend to ask for: A sorry server responding with a meaningful message in case all services are down. It’s an easy task to do, so I decided to write a quick guide on how to create a setup like that. What we need A load-balancing vServer does not respond, as soon as all services are down. However, there are “protection Servers”. And that’s what I will use...
© image: Wikipedia Two and a half years ago, I have written an article about LDAP. I always planned to add an article about RADIUS as well, but I never did. Today, I had to troubleshoot a RADIUS problem, so I did the necessary traces. It is a DUO server, but most other servers behave similarly. Here we go! What is RADIUS RADIUS (Remote Authentication Dial-In User Service) is a protocol to...
During one of my Citrix ADC projects, I came across a strange problem. I had to give external users access to a certain IoT device. These very devices don’t support static addressing (!) and are well known for being exploitable, however, there is no really secure alternative available on the market. Because of this, my customer wanted to restrict these crappy devices to a certain range of...
last update: May 6th 2021 I recently moved my blog to a new host, so several objects don’t exist anymore. Unfortunately, this will lead to plenty of 404 not found, instead of giving users access to the website as a whole. So I decided to replace all not found with redirects to a certain page, it might be any kind of sorry page or the default page. It’s up to you. The problem Changing...
There are several guidelines out there how to do this. I want to dig a bit deeper. Why do I want to use NetScaler policies to rewrite and pimp this webpage? There are two reasons: A NetScaler is there and it is possible. And it will survive all (or near to all, there will never be a guarantee!) upcoming NetScaler updates! So where do we start? This is a German version of a NetScaler Gateway...
Or: Admin partitions Update, March 2021: It does not work with current versions This is a workaround for a well-known problem in NetScaler: Binding NetScaler Gateways to content switching vServers. This solution does not follow Citrix best practices. Avoid using it, if you can! My solution will work with NetScaler 11.1 upward. The Problem Up to 11.0, it was impossible to bind a NetSaler Gateway...
test websites and more
Fiddler, a debugging proxy server. Record requests, tamper requests, replay requests
My personal Citrix ADC / NetScaler test environment
I came across following issue, doing a Citrix ADC / NetScaler project: My customer wanted to use Azure MFA for internal users and LDAP/RADIUS for external users like contractors and parters. That’s a typical use-case for n-factor authentication. So how do we solve problems like that? The solution A Solution based on group membership The difference between internal and external users is...
This is the fifth part of this blog. Part Part 1 2 3 4 5 Form-fields are a major gate to send malicious data to a web-server. It’s obvious, a website programmer does not want to do input validation twice, on the user and on the server-side. What could happen? If everything is tested on the client-side, data arriving on the server-side has to be good. Even worse: If an input field does not...
last update: December 10th 2020 I recently came across a problem, that had been hard to resolve. Active/passive load-balancing typically is easy to do: You create a load-balancing vServer for the active service, and another one, intended to be passive, for desaster recovery. Then you set the disaster recovery vServer as a protection vServer for the active vServer. It will automatically switch to...