Category Archives: Citrix themes

Citrix NetScaler as a SAML IDP and SAML SP

      No Comments on Citrix NetScaler as a SAML IDP and SAML SP

I needed to use a Citrix NetScaler both, as a SAML identity provider (IDP) and service provider (SP). So I set up my test environment accordingly. What my test environment looked like: You see, I created two admin partitions on my Citrix NetScaler, one for the service provider (SP partition),… Read more »

Scheduling NetScaler commands for a specific time on Citrix NetScaler

Last update: 2018/03/27 Sometimes we have to schedule commands in a Citrix NetScaler. A good example would be: force HA failover It’s obvious, we don’t want to fail over during day time to not disconnect TCP connections, to not interrupt users. The best time would be something like 3:30 AM…. Read more »

Creating a Citrix NetScaler Test environment

last update: October 2017 (LINUX support) Creating a Citrix NetScaler Test environment Being a Citrix Certified Instructor I am very much aware of the Red/Green/Blue website used during official Citrix NetScaler training (CNS-220, CNS-222). I created my own test website. I usually use it during product demonstrations to present anything… Read more »

Citrix NetScaler Logging and policy trouble shooting

Citrix NetScaler Logging and policy trouble shooting Some times it’s quite hard to understand what’s going on. There is so much mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I… Read more »

Why do I love HDX on UDP in Citrix XenDesktop and XenApp?

Why do I love HDX on UDP in Citrix XenDesktop and XenApp? (HDX Enlightened Data Transport EDT) Well, I’m mainly a network guy. So I’ll take a look at this brand new feature from networking perspective.I’ll start from scratch, so I don’t assume you understand network protocols. But let me… Read more »

DDOS protection using Citrix NetScaler, 2nd part

Yesterday I published a blog about DDOS- protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the… Read more »

DDOS protection using Citrix NetScaler, 1st part

last update: February 21st 2018 How to protect a website using Citrix NetScaler? Well it seems to be easy. A nonsense question. We may use AppQoE (Application level Quality of Experience), a feature introduced with NetScaler version 10, so it’s quite an old feature. Let’s start. AppQoE is enterprise edition… Read more »

Selecting the correct language based on Accept-Language HTTP header using Citrix NetScaler responder policies

I recently was hired to create a web application firewall (WAF) using Citrix NetScaler to protect a SAP Hybris based e-shop. This shop has content for several languages, so we had to select the right home page. The base URL of the website was like that: https://shop.domain.com/shop/language/. SSL was optional…. Read more »

Redirecting a user to a SSL page (preserving the URL)

I’m just setting up a Web Application Firewall on a Citrix NetScaler 11.1 for a costumer’s shop. My costumer mandated: most of the website has to be available via HTTP. However we don’t want to expose sensitive information to the internet, so we had to create a policy redirecting users… Read more »

Trouble shooting Citrix NetScaler Gateway connection issues

One of the most annoying issues in Citrix NetScaler are ICA / HDX connection issues. The reason for this is the way connection issues are reported. There are two potential sources of trouble: Citrix StoreFront and Citrix NetScaer Gateway. So I will divide my blog in three sections: How to… Read more »

Doing Citrix NetScaler trace (nstrace) inside an admin-partition

I was so enthusiastic, when I found out about NetScaler admin partitions! What a great extension to existing NetScalers! However I got disillusioned finding out about limitations. It took me some time to find out how to overcome this issues, but there are still some features missing. The feature I… Read more »

Binding many NetScaler Gateways to a content switching vServer on Citrix NetScaler, Method 1

last update: November 14 /2017 Or: The power of the ANY service type This is a work around for a well-known problem in NetScaler: Binding NetScaler Gateways to content switching vServers. This solution does not follow Citrix best practices. Avoid using it, if you can! My solution will work with… Read more »

Splitting up a NetScaler site using admin partitions

(a nice but partly failed try) Complex web applications may lead to complex NetScaler configuration. And sometimes an administrator may get lost troubleshooting complex websites, especially sites using content switching. This is an example of a real world website: The portal page is assembled of several independent web applications. Each… Read more »