Category Archives: Citrix themes

Debugging Authentication problems in Citrix ADC / NetScaler using the aaad.debug file

last update: October 2nd 2018 This is the second part of debugging logon. The first one, a network trace about LDAP, may be found here. Citrix ADC / NetScaler logs all events related to AAA (authentication, authorization, auditing) to /tmp/aaad.debug You need to be nsroot or superuser to successfully log… Read more »

Scoring an A+ on SSL Labs using a Citrix ADC / NetScaler version 12.1

There are serious changes in 12.1. I’m currently investigating these changes and will update this article as soon as any possible   This will be my shortest blog about the subject ever. Citrix finally did it! They created a “Built-in secure front-end SSL profile” called ns_default_ssl_profile_secure_frontend. What do you need… Read more »

Citrix NetScaler ADC: Having fun with Nitro

Recently I had several requests related to NITRO. NITRO is Citrix NetScaler’s API. Any device may communicate to a NetScaler using NITRO. Even a browser! Citrix exposes several settings and counters and even allows changes. NITRO is the central source for scripting NetScalers. I, being rather an administrator than a… Read more »

How can Citrix NetScaler ADC protect cookies from being stolen?

How to protect your cookies using Citrix NetScaler I recently did a web application firewall (WAF) project for a big company owning and hosting hundreds of websites. They did several penetration tests. One of them focussed on cookies. Citrix NetScaler did a great job protecting cookies, cookie tampering was impossible,… Read more »

Detecting Slowloris with Citrix NetScaler (Citrix ADC)

Last update: Nov 21th, 2018 tested using firmware 11.1 If you read about slowloris, you always read about NetScaler doing a great job. Tests in our lab environment show: NetScaler will successfully block these attacks. And there is hardly anything we have to do about it: It’s built into the… Read more »

Citrix NetScaler is dead. Long live the Citrix ADC

All of us are always a bit shy looking at Citrix Synergy: What will it bring? Well, this time, Citrix comes up with brand new names for all products. It’s the first time Citrix is renaming the product. Until now the mane resisted all renaming by marketing departement. Citrix aquired… Read more »

Concerns about Citrix NetScaler Web Application Firewall (WAF)

Let’s talk about a WAF, a Web Application Firewall on a Citrix NetScaler. What’s to be concerned off? Is it worth while considering a NetScaler to be your WAF? I do work for several companies, including Citrix Consulting Services. Recently I worked on some Web Application Firewall projects, so I… Read more »

Citrix ADC (NetScaler) as a SAML IDP and SAML SP

last update: 2018/11/20 I needed to use a Citrix ADC (NetScaler) both, as a SAML identity provider (IDP) and service provider (SP). So I set up my test environment accordingly. What my test environment looked like: You see, I created two admin partitions on my Citrix NetScaler ADC, one for… Read more »

Scheduling NetScaler commands for a specific time on Citrix NetScaler

Last update: 2018/03/27 Sometimes we have to schedule commands in a Citrix NetScaler. A good example would be: force HA failover It’s obvious, we don’t want to fail over during day time to not disconnect TCP connections, to not interrupt users. The best time would be something like 3:30 AM…. Read more »

Creating a Citrix NetScaler Test environment

last update: October 2017 (LINUX support) Creating a Citrix NetScaler Test environment Being a Citrix Certified Instructor I am very much aware of the Red/Green/Blue website used during official Citrix NetScaler training (CNS-220, CNS-222). I created my own test website. I usually use it during product demonstrations to present anything… Read more »

Citrix NetScaler Logging and policy trouble shooting

Citrix NetScaler Logging and policy trouble shooting Some times it’s quite hard to understand what’s going on. There is so much mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I… Read more »

Why do I love HDX on UDP in Citrix XenDesktop and XenApp?

Why do I love HDX on UDP in Citrix XenDesktop and XenApp? (HDX Enlightened Data Transport EDT) Well, I’m mainly a network guy. So I’ll take a look at this brand new feature from networking perspective.I’ll start from scratch, so I don’t assume you understand network protocols. But let me… Read more »

DDOS protection using Citrix NetScaler, 2nd part

Yesterday I published a blog about DDOS- protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the… Read more »

DDOS protection using Citrix NetScaler, 1st part

last update: February 21st 2018 How to protect a website using Citrix NetScaler? Well it seems to be easy. A nonsense question. We may use AppQoE (Application level Quality of Experience), a feature introduced with NetScaler version 10, so it’s quite an old feature. Let’s start. AppQoE is enterprise edition… Read more »

Selecting the correct language based on Accept-Language HTTP header using Citrix NetScaler responder policies

I recently was hired to create a web application firewall (WAF) using Citrix NetScaler to protect a SAP Hybris based e-shop. This shop has content for several languages, so we had to select the right home page. The base URL of the website was like that: https://shop.domain.com/shop/language/. SSL was optional…. Read more »