Jump to content


Photo

Publish IIS website via Netscaler

Started by Ian Middleton , 11 September 2017 - 08:35 AM
2 replies to this topic

Ian Middleton Members

Ian Middleton
  • 80 posts

Posted 11 September 2017 - 08:35 AM

I have published a internal hosted website ( that has its own logon) via the Netscaler by

 

Creating a LB Vserver

doing ssl offload on the NS

then ssl to the webserver

a rewrite policy

a responder policy

 

Everything works fine but just wondering about security and if I need more trying to do this on a standard licence if possible but conscious that there are ways of injecting code into webpages ect so want to cover all my bases if possible



Qiying Liang Citrix Employees

Qiying Liang
  • 4 posts

Posted 12 September 2017 - 06:09 AM

You can use AppFirewall on NetScaler to enhance security.

For the license requirement, please check the following link:

https://www.citrix.com/products/netscaler-adc/netscaler-data-sheet.html



Paul Blitz Members

Paul Blitz
  • 4,004 posts

Posted 13 September 2017 - 03:57 PM

Hey, Good timing, I just spent 2.5 days teaching AppFw!

 

You need Enterprise or Platinum for the AppFW feature.

 

And yes, the Netscaler Application firewall will provide protections against things like SQL injection, forced browsing, CSRF, CSS etc

 

Just enabling the AppFW and enabling the features *can* break your website (you'd be surprised how many site break the "strict rules" - for example, modifying cookies on the client side)  so read up carefully, or come on a CNS-318 training course (it's days 1-3 of the combined CNS-320 Advanced Netscaler course)