CategoryWAF

How to start a Citrix ADC / NetScaler WAF Project, Part 5: Field Formats

H

This is the fifth part of this blog. Part Part 1 2 3 4 5 Form-fields are a major gate to send malicious data to a web-server. It’s obvious, a website programmer does not want to do input validation twice, on the user and on the server-side. What could happen? If everything is tested on the client-side, data arriving on the server-side has to be good. Even worse: If an input field does not...

How to start a Citrix ADC / NetScaler WAF Project, Part 4: Start URLs

H

This is the forth part of this blog. Part Part 1 2 3 4 5 Click here to see how to start your WAF project StartURLs are a powerful tool to protect a web server. Probably, creating StartURLs will be the first thing you need to do. There are two ways to deal with it: Learning or doing. Learning Learning does not mean, you learn, instead Citrix ADC / NetScaler learns about the application. There is...

How to start a Citrix ADC / NetScaler WAF Project Part 2: Signatures

H

This is the second part of this blog. Part 1 2 3 4 5 Click here to see how to start your WAF project Signatures Make sure, signatures get updated automatically. Today (January 22 2020) we have version 40. Check the auto update settings. Check, if Signatures Auto Update is enabled and Click on “Check URL”. This will connect to the update server and see the current version of signatures...

How to start a Citrix ADC / NetScaler WAF Project, Part 1: General

H

This is the forth part of this blog. Part Part 1 2 3 4 5 I am currently working on a Citrix ADC (NetScaler) WAF project. It’s a big international enterprise, security is of some concern to them. So everything hould be pretty much straight forward? Well, it never is. So, how to begin? Well, I almost forgot to mention: I have to introduce myself to the customer. “Hi, I’m Johannes...

NetScaler WAF profile types

N

One of the first things you do if you need to secure a web appication using Citrix NetScaler ADC WAF (Web paalication Firewall), is setting the correct profile type. Even though the profile type may bet changed later on, it is a serious decision you have to do. There are two settings: The Profile Type Web Application (HTML) XML Application (XML, SOAP) Web 2.0 Application (HTML, XML, REST)...

How will a Citrix ADC (NetScaler) Web-application Firewall (WAF) change your ADC’s behaviour?

H

There is one thing different about a Citrix ADC WAF (Web Application Firewall) compared to most other features in Citrix ADC: It will affect your whole ADC deployment as soon as you turn it on. It you would, for example, turn on rewriting feature (enable feature RW), it would probably add a microsecond or two to packet processing, but apart from this not affect anything, as there are no policies...

Detecting Slowloris with Citrix NetScaler (Citrix ADC)

D

Last update: Nov 21th, 2018 tested using firmware 11.1 If you read about slowloris, you always read about NetScaler doing a great job. Tests in our lab environment show: NetScaler will successfully block these attacks. And there is hardly anything we have to do about it: It’s built into the system. Great news indeed! The only thing we have to do is reduce client idle timeout to a lower...

Concerns about Citrix NetScaler Web Application Firewall (WAF)

C

Let’s talk about a WAF, a Web Application Firewall on a Citrix NetScaler. What’s to be concerned off? Is it worth while considering a NetScaler to be your WAF? I do work for several companies, including Citrix Consulting Services. Recently I worked on some Web Application Firewall projects, so I have some experience on it. Usual concerns will a Citrix NetScaler be really safe WAF? How...

Logging more detailed data about websites blocked by NetScaler Web Application Firewall (WAF)

L

last update: April 16th 2018 I had been asked recently: Johannes, how can we log data about NetScaler Application Firewall policy hits in detail? The standard NetScaler Web Application Firewall log-files NetScaler’s Web Application Firewall logs to /var/log/ns.log. These logs are fine for trouble shooting. There is a good description about these logs here. This is a sample log, stolen from...

DDOS protection using Citrix NetScaler, 2nd part

D

Yesterday I published a blog about DDOS- protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the number of users to just 10! WTF? Basically AppQoE will just limit the number of users (actually it’s the...

Recent Posts

Recent Comments