Category Archives: NetScaler

Setting languages for websites using Citrix NetScaler ADC

Last update: Sept. 26 2018 I recently had to set languages, using my Citrix ADC (NetScaler), for a website. My customer has several similar web-pages in different subdirectories. Naming scheme is like this: http://example.com/en for English http://example.com/de for German … There is currently a total of 12 languages. There had… Read more »

Concerns about Citrix NetScaler Web Application Firewall (WAF)

Let’s talk about a WAF, a Web Application Firewall on a Citrix NetScaler. What’s to be concerned off? Is it worth while considering a NetScaler to be your WAF? I do work for several companies, including Citrix Consulting Services. Recently I worked on some Web Application Firewall projects, so I… Read more »

Scheduling NetScaler commands for a specific time on Citrix NetScaler

Last update: 2018/03/27 Sometimes we have to schedule commands in a Citrix NetScaler. A good example would be: force HA failover It’s obvious, we don’t want to fail over during day time to not disconnect TCP connections, to not interrupt users. The best time would be something like 3:30 AM…. Read more »

Citrix NetScaler Logging and policy trouble shooting

Citrix NetScaler Logging and policy trouble shooting Some times it’s quite hard to understand what’s going on. There is so much mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I… Read more »

DDOS protection using Citrix NetScaler, 2nd part

Yesterday I published a blog about DDOS- protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the… Read more »

DDOS protection using Citrix NetScaler, 1st part

last update: February 21st 2018 How to protect a website using Citrix NetScaler? Well it seems to be easy. A nonsense question. We may use AppQoE (Application level Quality of Experience), a feature introduced with NetScaler version 10, so it’s quite an old feature. Let’s start. AppQoE is enterprise edition… Read more »

Binding many NetScaler Gateways to a content switching vServer on Citrix NetScaler, Method 1

last update: November 14 /2017 Or: The power of the ANY service type This is a work around for a well-known problem in NetScaler: Binding NetScaler Gateways to content switching vServers. This solution does not follow Citrix best practices. Avoid using it, if you can! My solution will work with… Read more »

Splitting up a NetScaler site using admin partitions

(a nice but partly failed try) Complex web applications may lead to complex NetScaler configuration. And sometimes an administrator may get lost troubleshooting complex websites, especially sites using content switching. This is an example of a real world website: The portal page is assembled of several independent web applications. Each… Read more »

Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test

Last update: July 12 2018 This blog is about NetScaler versions up to 12. For 12.1 read here Citrix NetScaler load balancing and content switching servers will only score an C in quality labs SSL test, no matter if you use a VPX, MPX or SDX. There are several reasons for… Read more »

How to get a valide certificate for our NetScaler, if possible for free?

This is an updated blog entry. I first posted it on my old and discontinued blog at blog.com for Citrix NetScaler 10, this one is for Citrix NetScaler 11. We all know how to get a private Certificate for free: You just have to set up a Windows Server, add… Read more »

Front End Optimization (FEO) on Citrix NetScaler 11

Last update: July 7th 2018 (FEO testpage does not exist any more, but I updated the download link) I played round on my Citrix NetScaler with Front End Optimization (FEO) in NetScaler 11 built 63.16 (October 2015). There are several requirements. First of all, FEO is a feature depending on… Read more »

Making a NetScaler Gateway on NetScaler 11 a bit more secure

last update February 7th 2017 We have previously created a NetScaler Gateway on our NetScaler 11. That’s great! Time to check if it’s secure. I usually use SSL labs SSL test, a widely used tool to test the security of a website. I have an other blog about NetScaler virtual… Read more »

Setting up a NetScaler Gateway on NetScaler 11

It is quite easy to set up a NetScaler Gateway on NetScaler 11. It’s quite similar to NetScaler 10.5, but the wizard is much more powerful now! I’ll show you how to do it. Prerequisites I assume you have: a certificate in place. This certificate should be a valid certificate created… Read more »

Enabling ECDHE ciphers in NetScaler 10.5

last update: February 7th 2017 Similar but newer posts: Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test and Making a NetScaler Gateway on NetScaler 11 a bit more secure ECDHE Ciphers, this means, Elliptic curve Diffie–Hellman type of cyphers,… Read more »

Replacing HTTP server related information using a NetScaler policy label

It may not be the strongest security measure, but many administrators are not quite sure about HTTP headers like Server or X-Powered-By. There seems to be just one reason why this header has to be in a HTTP response: It makes life easier for a hacker. So why not just… Read more »

Hacking nsroot

      3 Comments on Hacking nsroot

Hacking nsroot on a NetScaler with default settings is completely easy! I missed this one in Neil Spelling’s excellent blog about penetration testing NetScalers. What do you need to hack a NetScaler if you forgot your nsroot password? An external authentication source. How does NetScaler authentication work? Well, NetScaler will… Read more »

Add a certificate to NetScaler’s admin page

      No Comments on Add a certificate to NetScaler’s admin page

Usually the admin page is protected by a self signed certificate. So if you surf to your NetScaler using SSL (and you always should manage your NetScaler using SSL!!!) you’ll face a certificate warning. Eventually you could consider this warning to be of no relevance. It is your NetScaler, your… Read more »

Pimping a website using NetScaler 10.5 (adding style, favicon, …)

I wanted to customise my blog, but I did not want to dig deep into wordpress. This seemed to much effort, and I don’t know if next update of WordPress would compromise my changes. I wanted to make permanent changes in a way that would survive any update. So I… Read more »