Tag: NetScaler

Flexible Multi-Factor flows in Citrix ADC (NetScaler) using Azure MFA

I came across the following issue while doing a Citrix ADC / NetScaler project: My customer wanted to use Azure MFA for internal users and LDAP/RADIUS for external users like contractors and partners. That’s a typical use case for n-factor authentication. So how do we solve problems like that? The solution: a solution based on group membership. The difference between internal and external users is...

A simple way for a Citrix ADC (NetScaler) to respond with a 404 not found

I am a big fan of cheating when it comes to security. Giving wrong answers to questions may be misleading and will direct attackers in the wrong direction. This will cost them time and, at the same time, raise the risk of being caught red-handed. If someone attacks a website, he has to be discreet and fast. Discreet to not get trapped, quick to be long gone in case the owner learns about the attack. So...

Are there Syslog events coming from partitions?

© Wikipedia, Creufop. There seems to be no way to log events inside partitions, even though there are settings for logging and the configuration seems to be right. They are exactly the same as in the default partition. The syslog server is 127.0.0.1, so the local machine. Everything seems to be perfect. But /var/partitions/<partitionname>/log will remain empty. Why? Well, the syslog-server is 127.0.0.1...

Creating Certificates for Citrix ADC (NetScaler)

The way we create certificates has not changed significantly over the years. Only the wizard is subject to a certain change. This blog is based on Citrix ADC 13; older versions don’t differ significantly. The following steps are necessary to create a certificate: generate the key pair; create the certificate-signing request; generate the certificate (either using Citrix ADC /...

Creating a Citrix ADC / NetScaler Test environment #2

Last update: May 5th 2020. Almost two years ago I created a test website for Citrix NetScaler. The product is now called Citrix ADC. It had been a set of files for both Linux and Windows. It allowed you to create a test environment to test load-balancing solutions, content switching and more. My test web page is very similar to the pages Citrix Education uses in CNS-220 and the first 3...

How to recover a Citrix ADC/NetScaler VPX from CVE-2019-19781 (both on Hypervisor and on SDX)

Last update: March 2nd 2020. Well, there are many guides. So why do I write a blog about it? Just to have one more? Bull shit! The truth is: I don’t like them at all! What’s wrong about all these guides? They all focus on how to remove malware currently installed on our Citrix ADCs (NetScalers). And, to be honest, it does not make the least little bit of sense. How can you ever be 100%...

How to start a Citrix ADC / NetScaler WAF Project, Part 4: Start URLs

This is the fourth part of this blog. StartURLs are a powerful tool to protect a web server. Probably, creating StartURLs will be the first thing you need to do. There are two ways to deal with it: learning or doing. Learning: Learning does not mean that you learn; instead, Citrix ADC / NetScaler learns about the application. There is...

How to start a Citrix ADC / NetScaler WAF Project Part 2: Signatures

This is the second part of this blog. Signatures: Make sure signatures get updated automatically. Today (January 22 2020) we have version 40. Check the auto update settings. Check whether Signatures Auto Update is enabled and click on “Check URL”. This will connect to the update server and see the current version of signatures...

How to start a Citrix ADC / NetScaler WAF Project, Part 1: General

This is the fourth part of this blog. I am currently working on a Citrix ADC (NetScaler) WAF project. It’s a big international enterprise; security is of some concern to them. So everything should be pretty much straightforward? Well, it never is. So, how to begin? Well, I almost forgot to mention: I have to introduce myself to the customer. “Hi, I’m Johannes...

Citrix ADC: Save access from outside (using SSH or SSL)

Of course you know the problem. You need to access your Citrix ADC, but you are not in the company. Of course you don’t want to open ports 443 and 22 on the firewall, that would be insane. What can you do? I solved the riddle for http and ssh. The http access It’s more or less easy to connect to a Citrix ADC from outside. You just have to open port 443 to the NSIP, that’s it...
