CategorySecurity

Using Citrix NetScaler ADC as a SAML IDP and SAML SP

U

last update: 2023/02/03 Tested with NetScaler 11, Citrix ADC 12.1 and 13.0 I needed to use a Citrix ADC (NetScaler) both, as a SAML identity provider (IDP) and service provider (SP). So I set up my test environment accordingly. What my test environment looked like: You see, I created two admin partitions on my Citrix NetScaler ADC, one for the service provider (SP partition), containing both, the...

Digging into Citrix NetScaler IP-reputation feature

D

last update: 2018/04/12 I recently had to protect a website using IP reputation feature. There is some good information about this feature, however I decided to glean information here. Facts about this feature IP reputation is a platinum feature. It is included in web application firewall (there are extra licenses for the WAF available, they also contain IP-reputation). IP-reputation feature...

DDOS protection using Citrix NetScaler, 2nd part

D

Yesterday I published a blog about DDOS- protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the number of users to just 10! WTF? Basically AppQoE will just limit the number of users (actually it’s the...

DDOS protection using Citrix NetScaler, 1st part

D

last update: February 21st 2018 How to protect a website using Citrix NetScaler? Well it seems to be easy. A nonsense question. We may use AppQoE (Application level Quality of Experience), a feature introduced with NetScaler version 10, so it’s quite an old feature. Let’s start. AppQoE is enterprise edition My first starting point was E-Docs. Let’s be honest: the guy in charge...

What’s in a WAF (Web application firewall)

W

This article is a very first answer to a question I recently received. The question was: You’re talking about web application firewalls. I’d like to know how to use the WAF for reverse proxying. … I also might use a firewall as it also contains functions like SQL injection prevention. So what’s in a web application firewall? A web application firewall, also known as WAF...

Customizing a 404 message using Citrix NetScaler

C

Why would you like to customize a 404 page? Well, it’s all about misleading information. A hacker has a very limited chance to get a friend with your web server. On the other way, he needs to find out as much as any possible. The more he knows, the more likely his attack will be successful. On the other hand, he has to let sleeping dogs lie. With other words: He must not alarm you. One of...

Protect a DNS server using a Citrix NetScaler

P

Recently I found out: DNS is a big bandwidth waster on my internet connection. Strange, isn’t it? DNS? So I started a network trace on my firewall: someone is abusing one of my DNS servers. I guess it’s a kind of malware using my DNS server, but I am not really sure. The domain was X99MOYU.NET belonging to a Chinese company called ZhuHai NaiSiNiKe.. Content of the website is not...

Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test

C

Last update: July 12 2018 This blog is about NetScaler versions up to 12. Find later versions here January 2020: It’s pretty outdated by now, as some of the proposed encryption methods are outdated and there are serious concerns about TLS1.0 and TLS 1.1. Read Thomas’s blog from here. Citrix NetScaler load balancing and content switching servers will only score an C in quality labs SSL...

How to get a valide certificate for our NetScaler, if possible for free?

H

This is an updated blog entry. I first posted it on my old and discontinued blog at blog.com for Citrix NetScaler 10, this one is for Citrix NetScaler 11. We all know how to get a private Certificate for free: You just have to set up a Windows Server, add a role, select certificate authority. That’s it. However these Certificates are not trusted by any browser, even worse: they are not trusted by...

Making a NetScaler Gateway on NetScaler 11 a bit more secure

M

last update February 7th 2017 There are never versions about SSL-settings We have previously created a NetScaler Gateway on our NetScaler 11. That’s great! Time to check if it’s secure. I usually use SSL labs SSL test, a widely used tool to test the security of a website. I have an other blog about NetScaler virtual servers (contentswitching and loadbalancing SSL offloading servers)...

Recent Posts

Recent Comments