Blog posts tagged with 'netscaler'


17 Jun 2008 06:40 PM EDT

Rewrite


Performing content rewrite at milli-speed is key to providing a front-end device for application delivery. Most important is the capability to rewrite both request and response headers and body content, which the Citrix Application Switch does, and it is an easy 3-step process to configure. Not only is it easy, it scales to Enterprise class applications, which we demonstrated here with the Oracle Enterprise Business Suite v12 in our lab in Santa Clara, CA, USA.


This Content Rewrite Deployment Guide walks through the steps necessary to quickly profile an application and configure the Citrix Application Switch for content rewrite. This deployment guide can be used as a reference for other Enterprise applications, in addition to Oracle. Some typical examples of how customers use the Citrix Application Switch for content rewrite are to Insert the Client-IP as an HTTP Header, Delete old X-Forwarded-For headers, Tag SSL and non-SSL Connections, Mask the HTTP server type (Server Obfuscation), Redirect external URLs to Internal URLs (Application Obfuscation), Migrate Apache rewrite module rules, Redirect marketing keyword requests, Redirect old home pages and Redirect queries to the appropriate server.

The Citrix Rewrite Deployment Guide.

Watch this Rewrite Tip:




Tap into the power of AppExpert!

Read about the Citrix Application Switch here.

Buy the Citrix Application Switch here.

11 Jun 2008 07:09 PM EDT

In the Application Expert series part 2, Caching, I released a Deployment Guide discussing Static and Dynamic Caching.  As we are partners with Microsoft, we recently did some work here internally setting up some Dynamic Caching for an ASP.NET application and thought we would share the knowledge. This Caching Deployment Guide for ASP.NET Web Applications discusses the way an Application Expert would find out the potential caching scenarios that a web application can benefit from, and shows how to create and test the NetScaler caching policies and settings to put these scenarios into effect.

Tap into the power of AppExpert!

10 Jun 2008 04:25 PM EDT
posted in XenApp by Victor Thu

If you have been following the communication industry, you have no doubt been barraged by all this talk about Unified Communications. But after all these years of hype, Unified Communications remains just a figment of the imagination. Why?

Let me share with you just one big reason why: it is not UNIFIED!

Unified Communications is actually a misnomer. What the telephony vendors are doing is tying you into their own suite of products that they hastily bundle together, then slapping on the Unified Communications name. It is not unified because the telephony system from one vendor does not work well with the system from another vendor. Furthermore, there are great limitations on how the telephony companies implemented Unified Communications.

Let's look at the click-to-call technology. Most telephony companies will claim that they support this as part of Unified Communications. However, you will find that this one capability is only limited to one or two popular software applications. You will also discover that in order to extend click-to-call to other applications, you are expected to invest in internal development resources as well as external professional services from the telephony companies. It becomes too cost-prohibitive when you need to include communication into more than two or three applications.

If you cannot put a simple click-to-call technology without making your customers break the bank, do you still have the right to call your solution Unified Communications? I think not.

Citrix comes out with a click-to-call solution, called EasyCall, that challenges the current mindset. We are challenging the status-quo on how the current crops of Unified Communications vendors conduct business. EasyCall is a disruptive technology that enables click-to-call on any applications using any phone devices! It is an agnostic solution that gives you the freedom to leverage your existing infrastructure and achieve real hard dollar savings.

06 Jun 2008 10:15 AM EDT

Join Citrix Experts for this TechTalk webinar and learn how Citrix NetScaler Application Firewall prevents web application attacks automatically, without degrading throughput or application response times!

In this session learn:

- How NetScaler Application Firewall works
- How to manage web traffic & provide protection at application layer 7
- The inside scoop on SQL injection, cross-site scripting exploits, forceful browsing & many other attacks

When

Wednesday, June 11th 2008
1:00p (EDT)
Duration: 60 Minutes

Click here to register!

04 Jun 2008 12:33 PM EDT
posted by Craig Ellrod

Application Delivery is at the top of the list of any organization's priorities. Keeping up with those priorities requires a move to dynamic application delivery and virtualization. The Citrix NetScaler Application Switch is a powerful step in that direction.

Compressing content at the server level can be done, but is tedious, and with the number of hosted servers on the backend growing proportionally with virtualization, it is better suited to a frontend tool.

As an Application Expert, determining what type of content is compressible vs. that which is not compressible should be at the tip of your tongue, or at least you should be able to reference this post or document. The thing is, while some content types remain compressible/non-compressible across many applications, you might run across an application that requires some content be treated uniquely. For example, the SAP application requires that pdf files should not be compressed when sent back to the clients. Either way, you should know how to dynamically configure rules to accommodate the application's content. This Compression Deployment Guide shows you how.

Watch this Compression Tip:


Buy the Citrix NetScaler Application Switch here.

Tap into the power of AppExpert.

29 May 2008 07:21 PM EDT

Many news reports have recently identified the increased threat to web sites and applications from SQL injections, the most recent example being the Nihaorr1 script that resulted in over 600,000 sites being infected, even including the Department of Homeland Security and the UN. Although initially identified as a Windows IIS server vulnerability, the root cause of the recent exposure goes beyond IIS and has identified lax web application coding as the culprit. A Register interview with the DHS assistant secretary for Cybersecurity is quoted as saying "our networks are only as strong as the weakest link" which makes sense but also identifies how vulnerable web applications are on the web. If a company is relying on the variability of programmer security knowledge and limited QA testing to protect their web app from yet to be defined threats, it's no wonder that so many sites are exposed and hacked.

Perhaps one of the ways to better protect an organization from the next undefined attack is to look at minimizing the impact of variability. A common best practice in the manufacturing industry is to evaluate every process and implement techniques and tools to reduce variability so as not to be overly dependent on a final test or inspection which always has some level of escapes. This is the core of the Six Sigma technique that many world class manufacturers utilize to improve product quality.

As applied to IT protecting Web Applications, a tool that can be implemented to reduce the impact of programmer variability is to utilize a Web App firewall such as the positive security model feature of the NetScaler Application Firewall. This feature recognizes best coding practices for HTML and Industry HTTP standards and automatically blocks Web App behavior and variations outside a known-good model. The result is a significant reduction in the risk created by variable programmer skills and expensive but incomplete QA testing. In the specific example of the Nihaorr1 attack, a recent test validated that the NetScaler Firewall was indeed able to block the Nihaorr1 script using the default configurations. Additionally the learning features of the App Firewall can be used for more granular configurations and protection as well.

So before the next threat to your web applications is discovered, it may be worth further investigation as to the human influence of variability in IT operations and consider steps to mitigate the risks.   

 

29 May 2008 01:21 PM EDT
posted by Craig Ellrod

Hundreds of Thousands of Web Servers have been getting hacked, including several at the United Nations. The appearance is that the hack exploits a vulnerability in Microsoft IIS because of a Microsoft SQL Specific injection payload, however the attack is capable of infecting any type of web server open to SQL Injection and Cross Site Scripting (XSS) attacks.

Microsoft released some security bulletins (951306, MS08-006) stating vulnerabilities in their IIS web server, alluding to the vulnerabilities recently brought to light. A script homed at nihaorr1.com based in China was found to be infecting many servers, and spreading quickly. Further research into the problem indicates that non-Microsoft types of servers may also be affected by the attack.

As of May 12, 2008, Google's Index had 1,700,000 infected pages.  The domains currently being injected that contain the malicious Javascript are:


This vulnerability and others like it can easily be stopped with a Citrix Web Application Firewall using default policies to block SQL injection and Cross Site Scripting. We set up a demo in our lab to show how easy it is to configure and block this type of threat.

See the malicious script in action:


Watch how Citrix Web App Firewall blocks the malicious script:


See how easy it is to configure the Citrix Web App Firewall:


Read about the Citrix Application Firewall here.

Buy the Citrix Application Firewall here.

Tap into the power of AppExpert

19 May 2008 06:08 PM EDT
posted by Craig Ellrod

As an addendum to the Citrix NetScaler Policy Engine post I wrote recently, I pulled together some Frequently Asked Questions (FAQ) pertaining to the Policy Engine (PE). Policies are used to configure various Citrix NetScaler Application Switch features, and are executed in the order of their priorities. The priorities are configurable and increment in units of 10.

Watch this Policy Priority Tip:


Tap into the power of AppExpert!

13 May 2008 10:12 PM EDT

Application developers are leveraging Ajax to deliver the next generation of Web applications. In this white paper learn:

  • What Ajax is (and isn't)
  • How Ajax applications differ from traditional web applications
  • How Citrix NetScaler can increase the performance of Ajax applications while reducing the cost of hosting Ajax applications



06 May 2008 04:33 PM EDT

Policies are used to configure various Citrix NetScaler Application Switch features. For example, the parameters for compressing content are defined in a compression policy.

The features that use policies are:

  • Load Balancing
  • Content Switching
  • Content Filtering
  • AppCompress
  • Cache Redirection
  • SSL VPN
  • Priority Queuing
  • DoS Protection
  • Sure Connect

Policy expressions are applied to content that enters the switch. Expressions are shared among features, but actions are feature-specific. For example, you can create an expression to identify .pdf files being sent through the system. You can then create a compression policy that uses this expression to compress those files. The Policy Engine (PE) refers to the architecture in the Citrix NetScaler Application Switch for versions up to 8.x. The architecture for Policy Engine and the manner in which it operates is presented in this Deployment Guide. Did you know that each feature in the Citrix NetScaler Application Switch is processed in a certain order, and the Policy Engine (PE) applies policy according to that order? That order is represented in this diagram and discussed in the Deployment Guide for Policy Engine (PE).

Watch this Policy Engine Tip:

Tap into the power of AppExpert!

