TagWAF

A really good WAF for NetScaler AAA/Gateway

A

With NetScaler 14.1, Citrix started to allow binding Web Application Firewall (WAF) policies to the gateway and to a AAA vServer or a Gateway. Why does it make sense to bind a WAF to the gateway? The more popular Citrix NetScaler became, the greater the interest of hackers in NetScaler grew. And NetScaler is now a very widely used tool for remote access. Due to the increased interest of hackers...

Securing Citrix Gateway using Citrix ADC Bot Management, Citrix Web Application Firewall and DOS-Protection

S

last update: February 21st 2022 Recently, I had been asked, how to protect a gateway from threads. It’s easy, I thought, Citrix ADC has everything needed in good quality: A Bot Management, Web Application Firewall (WAF), and AppQoE (Application quality of experience, a DOS protection feature). So nothing easier than that: Create the policies desired and bind them to the gateway. Shortly...

How to start a Citrix ADC / NetScaler WAF Project, Part 5: Field Formats

H

This is the fifth part of this blog. Part Part 1 2 3 4 5 Form-fields are a major gate to send malicious data to a web-server. It’s obvious, a website programmer does not want to do input validation twice, on the user and on the server-side. What could happen? If everything is tested on the client-side, data arriving on the server-side has to be good. Even worse: If an input field does not...

How to start a Citrix ADC / NetScaler WAF Project, Part 4: Start URLs

H

This is the forth part of this blog. Part Part 1 2 3 4 5 Click here to see how to start your WAF project StartURLs are a powerful tool to protect a web server. Probably, creating StartURLs will be the first thing you need to do. There are two ways to deal with it: Learning or doing. Learning Learning does not mean, you learn, instead Citrix ADC / NetScaler learns about the application. There is...

How to start a Citrix ADC / NetScaler WAF Project Part 2: Signatures

H

This is the second part of this blog. Part 1 2 3 4 5 Click here to see how to start your WAF project Signatures Make sure, signatures get updated automatically. Today (January 22 2020) we have version 40. Check the auto update settings. Check, if Signatures Auto Update is enabled and Click on “Check URL”. This will connect to the update server and see the current version of signatures...

How to start a Citrix ADC / NetScaler WAF Project, Part 1: General

H

This is the forth part of this blog. Part Part 1 2 3 4 5 I am currently working on a Citrix ADC (NetScaler) WAF project. It’s a big international enterprise, security is of some concern to them. So everything hould be pretty much straight forward? Well, it never is. So, how to begin? Well, I almost forgot to mention: I have to introduce myself to the customer. “Hi, I’m Johannes...

Protecting a URL using Citrix ADC responder policies

P

Recently a friend asked a question: How is it possible to bypass a responder policy. They knew it happened, but they could not reproduce. HTML- Encoding HTML Encoding is a stupid trick, used by hackers ever since. Any character may get encoded using a encoding table. So instead of using you might use something like . This is strictly following standards. No one does, as it is huge overhead, but...

statistical data from Citrix ADC / NetScaler APPFW logs

s

Sometimes, people want to know, how to extract data from APPFW logs. That’s easy, it is in /var/log/ns.log (and it’s predecessors, these ns.log.XX.gz). grep APPFW ns.log will extract all application firewall logs. zcat ns.log.*.gz |grep APPFW will do the same to the old logs. Unfortunately this will give you a terrible mess of output. It’s hardly possible to find false positives...

NetScaler WAF profile types

N

One of the first things you do if you need to secure a web appication using Citrix NetScaler ADC WAF (Web paalication Firewall), is setting the correct profile type. Even though the profile type may bet changed later on, it is a serious decision you have to do. There are two settings: The Profile Type Web Application (HTML) XML Application (XML, SOAP) Web 2.0 Application (HTML, XML, REST)...

How will a Citrix ADC (NetScaler) Web-application Firewall (WAF) change your ADC’s behaviour?

H

There is one thing different about a Citrix ADC WAF (Web Application Firewall) compared to most other features in Citrix ADC: It will affect your whole ADC deployment as soon as you turn it on. It you would, for example, turn on rewriting feature (enable feature RW), it would probably add a microsecond or two to packet processing, but apart from this not affect anything, as there are no policies...

Recent Posts

Recent Comments