CategorySecurity

A simple way for a Citrix ADC (NetScaler) to respond with a 404 not found

A

I am a big fan of cheating if it comes to security. Giving wrong answers to questions may be misleading and will direct attackers into the wrong direction. This will cost time and, at the same time, rise the risk of being caught red-handed. If someone attacks a website, he has to be discrete and fast. Discrete to not get trapped, quick to be long gone in case the owner learns about the attack. So...

Using Geo-Location for policies and logging in Citrix NetScaler ADC

U

Last update: May 8th 2023   There are several use cases for geo-location information in Citrix ADC / NetScaler. It may be helpful with WAF logs. I am European, I won’t spend much time on a positive, if the log comes from North Korea, but I would consider it to be a “false positive”, if it comes from Germany, Italy or Sweden. Even though I would not consider it to be secure...

Creating Certificates for Citrix ADC (NetScaler)

C

The way we create certificates has not changed significantly over the years. Only the wizard is subject to a certain change. This blog is based on Citrix ADC 13, elder versions don’t differ significantly. The following steps are necessary to create a certificate: Generate the key pair Create the certificate-signing request Generate the certificate (either using Citrix ADC /...

How to recover a Citrix ADC/NetScaler VPX from CVE-2019-19781 (both on Hypervisor and on SDX)

H

last update: March 2nd 2020 Well, there are many guides. So why do I write a blog about it? Just to have one more? Bull shit! The truth is: I don’t like them at all! What’s wrong about all these guides? They all focus on how to remove malware currently installed on our Citrix ADCs (NetScalers). And, to be honest, it does not make the least little bit of sense. How can you ever be 100%...

How to start a Citrix ADC / NetScaler WAF Project, Part 4: Start URLs

H

This is the forth part of this blog. Part Part 1 2 3 4 5 Click here to see how to start your WAF project StartURLs are a powerful tool to protect a web server. Probably, creating StartURLs will be the first thing you need to do. There are two ways to deal with it: Learning or doing. Learning Learning does not mean, you learn, instead Citrix ADC / NetScaler learns about the application. There is...

How to start a Citrix ADC / NetScaler WAF Project Part 2: Signatures

H

This is the second part of this blog. Part 1 2 3 4 5 Click here to see how to start your WAF project Signatures Make sure, signatures get updated automatically. Today (January 22 2020) we have version 40. Check the auto update settings. Check, if Signatures Auto Update is enabled and Click on “Check URL”. This will connect to the update server and see the current version of signatures...

How to start a Citrix ADC / NetScaler WAF Project, Part 1: General

H

This is the forth part of this blog. Part Part 1 2 3 4 5 I am currently working on a Citrix ADC (NetScaler) WAF project. It’s a big international enterprise, security is of some concern to them. So everything hould be pretty much straight forward? Well, it never is. So, how to begin? Well, I almost forgot to mention: I have to introduce myself to the customer. “Hi, I’m Johannes...

Protecting a URL using Citrix ADC responder policies

P

Recently a friend asked a question: How is it possible to bypass a responder policy. They knew it happened, but they could not reproduce. HTML- Encoding HTML Encoding is a stupid trick, used by hackers ever since. Any character may get encoded using a encoding table. So instead of using you might use something like . This is strictly following standards. No one does, as it is huge overhead, but...

AAA-default settings changed with Citrix ADC (NetScaler) 13 built 41.20

A

Yesterday I upgraded to NetScaler 13 built 41.20. Everything worked fine. No problems. But out of a sudden, my Exchange deployment failed to authenticate (I did it following Julian Mooren’s outstanding deployment guide). I did some further investigation and found all my other AAA servers don’t authenticate, even though the outcome of authentication requests was positive. I always saw...

Citrix ADC / NetScaler: two factors from outside, single factor inside

C

last update: September 25th 2019 I was recently asked: Johannes, is it possible to orun the same AAA server, from the inside with single factor, from the outside with two factor authentication? Of course it is. That’s how you do: Prerequisites My test environment contains of a lb vServer (lb_vsrv_colors). I created a AAA vServer aaa_multifactor_ath. There is a content switching vServer...

Recent Posts

Recent Comments