• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Blogs for tag 'xss'

Permalink | Twitter Post to Twitter | Comments (1) | Views (7340) |

20 Nov 2008 01:30 PM EST
What is new in the Application firewall in 9.0?
[ Tags:  appfirewall ,   xml ,   soa ,   security ,   firewall ,   soap ,   woa ,   rest ,   validation ,   xdos ,   xss ,   web services ,   sql injection ,   web 2 ,   threat protection ,   denial of service ,   nonspecific ]
posted by vamsi Korrapati

XML firewall

In 9.0, the Application Firewall can be used to protect applications that use XML payloads. These applications include SOAP-based Web services, AJAX applications and REST-based applications that use XML. XML specific security features include

  •     XML Denial of Service protection,
  •     XML Well-formedness check,
  •     XML attachment detection,
  •     Message validation (Schema)
  •     Cross Site scripting and SQL Injection protection
  •     Web services Interoperability (WSI) check

 XML protection is integrated into the Application Firewall. So all applicable firewall features including Start and Deny URLs, Buffer overflow, Cookie protection and Safe Object checks are available. More details on the XML firewall functionality can be found at XML Security Features in Netscaler 9.0

Application Firewall - Integrated Caching interoperability

The 9.0 release has full interoperability between the Application firewall and the Integrated Caching (IC) module on the Netscaler. In the 8.1 release, the Application firewall supports IC for features that do not require parsing the response body.  In 9.0, this restriction is removed. This results in better performance if the application html pages are cacheable. Features like Form field consistency and URL closure benefit from this new functionality.

URL Transform module

URL transform module provides an easy regular expression based approach to rewrite requests and response URLs. This feature is available separate from the application firewall license. It builds on the application firewall parsing technology to rewrite only valid html links.

Custom error pages

When the Application Firewall detects and blocks an invalid request, it can serve out a custom HTML response that has been uploaded or do a 302 redirect to a configured URL. Previous releases could only do the 302 redirect.

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (9470) |

29 May 2008 01:21 PM EDT
Citrix Web App Firewall Blocks the Nihaorr1 Script
[ Tags:  appexpert ,   apptips ,   citrix ,   firewall ,   injection ,   netscaler ,   nihaorr1 ,   sql ,   tips ,   waf ,   xss ,   js ,   wasc ,   wafec ,   owasp ,   haoliuliang ,   lb ,   llb ,   slb ,   clustering ,   app firewall ,   web firewall ,   sql injection ,   web security ,   web site firewall ,   website firewall ,   web filter ,   content filter ,   application blocking ,   citrix load balancer ,   citrix load balancing ,   link load balancer ,   link load balancing ,   load balancer ,   load balancing ,   server load balancer ,   server load balancing ,   security load balancer ,   security load balancing ,   hardware load balancer ,   hardware load balancing ,   next gen load balancing ,   website load balancer ,   website load balancing ,   application load balancer ,   application load balancing ,   application switch ,   web application controller ,   application controller ,   application delivery ]
posted by Craig Ellrod

Hundreds of Thousands of Web Servers have been getting hacked, including several at the United Nations. The appearance is that the hack exploits a vulnerability in Microsoft IIS because of a Microsoft SQL Specific injection payload, however the attack is capable of infecting any type of web server open to SQL Injection and Cross Site Scriting (XSS) attacks.

Microsoft released some security bulletins (951306, MS08-006) stating vulnerabilities in their IIS web server,  alluding to the vulnerabilities recently brought to light. A script homed at nihaorr1.com based in China was found to be infecting many servers, and spreading quickly. Further research into the problem indicates that non-Microsoft types of servers may also be affected by the attack.

As of May 12, 2008, Google's Index had 1,700,000 infected pages.  The domains currently being injected that contain the malicious Javascript are:

  • nihaorr1.com
  • 2117966.net
  • aspder.com
  • haoliuliang.net
  • nmidahena.com
  • free.hostpinoy.info
  • xprmn4u.info
  • winzipices.cn
  • wowgm1.cn
  • killwow1.cn
  • wowyeye.cn
  • wowgm1.cn
  • winzipices.cn

This vulnerability and others like it can easily be stopped with a Citrix Web Application Firewall using default policies to block SQL injection and Cross Site Scripting. We setup a demo in our lab, to show how easy it is to configure and block this type of threat.

See the mailicious script in action:


Watch how Citrix Web App Firewall blocks the malicious script:


See how easy it is to configure the Citrix Web App Firewall:


Read about the Citrix Application Firewall here.

Buy the Citrix Application Firewall here.

Tap into the power of AppExpert

Expand Blog Post