ONURCAN KAYMAK Posted August 29, 2023
Suppose that a bot is attacking a server using HTTP GET flood using HTTPS. How can a DDoS detect this flood if the traffic is encrypted?
Akhil Nair Posted August 29, 2023
Hi @ONURCAN KAYMAK - Are you referring to a volumetric DDoS attack?
Rick Davis Posted August 29, 2023
The NetScaler is a secure reverse proxy and as such, it has encrypted sessions with both the clients and the servers. During this process it forwards the GET requests and can throttle the rate of these requests to the backend server. See our Rate Limiting documentation.
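Added example, not part of the thread and not NetScaler configuration: a Python sketch of the per-client GET throttling described in the post above, which is only possible at a point where TLS has been terminated and the HTTP method and path are readable. The class and function names, the threshold and window values, and the sample requests are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class GetFloodLimiter:
    """Sliding-window request-rate limiter keyed on client IP.

    Runs on decrypted requests: the method and path it inspects are not
    visible to a device that only sees the encrypted HTTPS stream.
    """

    def __init__(self, threshold, window_s):
        self.threshold = threshold      # max forwarded GETs per window
        self.window_s = window_s        # window length in seconds
        self.seen = defaultdict(deque)  # client IP -> timestamps of forwarded GETs

    def allow(self, ts, client_ip, method):
        if method != "GET":
            return True                 # this limiter only throttles GETs
        q = self.seen[client_ip]
        while q and ts - q[0] >= self.window_s:
            q.popleft()                 # expire timestamps outside the window
        if len(q) >= self.threshold:
            return False                # over the limit: do not forward to backend
        q.append(ts)
        return True


def throttle(requests, threshold=5, window_s=1.0):
    """Return {client_ip: [forwarded, dropped]} for a time-ordered request list."""
    limiter = GetFloodLimiter(threshold, window_s)
    stats = defaultdict(lambda: [0, 0])
    for ts, ip, method, _path in requests:
        stats[ip][0 if limiter.allow(ts, ip, method) else 1] += 1
    return dict(stats)


# Constructed sample: (timestamp, client IP, method, path) as seen after decryption.
# 198.51.100.7 sends 20 GETs within one second; 203.0.113.9 sends 3 GETs over 3 seconds.
SAMPLE = [(i * 0.05, "198.51.100.7", "GET", "/search") for i in range(20)]
SAMPLE += [(float(i), "203.0.113.9", "GET", "/index.html") for i in range(3)]
SAMPLE.sort()

if __name__ == "__main__":
    for ip, (fwd, drop) in throttle(SAMPLE).items():
        print(f"{ip}: forwarded={fwd} dropped={drop}")
```

A per-IP key like this handles a single noisy client; a distributed flood spreads requests over many sources, so the key would need to include something else visible after decryption, such as the URL or a header.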
Morten Kallesøe Posted September 11, 2023
It can't - how could it? It's encrypted. If you create an SSL vServer with the proper certificate, you decrypt the traffic first, and then a LB+SG with SSL option, to re-encrypt it before going to the backend, you would be able to create some DDoS mechanisms.
ONURCAN KAYMAK Posted October 12, 2023 (Author)
No, I'm not referring to a volumetric DDoS attack. My question is: what is the best protection method against L7 DDoS attacks, especially non-volumetric ones? Rate Limiting is a good way to prevent most L7 DDoS attacks, but I think first decrypting the encrypted traffic on an L7 DDoS device and then sending it to Citrix ADC to inspect the traffic one more time might be a better solution. I only want to learn the best way of doing it.
Morten Kallesøe Posted October 13, 2023
Why not let NetScaler (formerly known as Citrix ADC) decrypt it as well? Also, I think you need to get your terminology straight: a DDoS - Distributed Denial of Service, IS some kind of volumetric attack. DoS - Denial of Service, is just taking a service out, without too much fuss (e.g. taking up all connections from a single client and not closing them, leaving the device unable to take in more connections - this is just a thought, not something that happens on NetScaler). Could you please describe what kind of scenarios you are looking to protect from (and be as specific as possible)? Then we are better able to guide you in the right direction.
Stay True, Stay Real.
Kai Thorsrud Posted October 13, 2023
Morten is correct and on the right track. The best way would be to let NetScaler decrypt the traffic. Then you can use Botnet Framework, WAF, IP Reputation or several other of the NetScaler protection features to handle it. I have successfully handled several DDoS attacks using NetScalers in the past. The problem is that if you are new to this with no experience, implementing the correct protection / rules for the DDoS you are experiencing takes experience and will be a challenge. I have successfully stopped several DDoS attacks and made several companies survive Black Friday, the launch of PlayStation 5 and similar. I find NetScaler to kick ass on stopping L7 DDoS attacks if you can decrypt the traffic. The problem is the config, my friend. Learning protocols, spotting patterns in the attack takes experience.. No, I do not have time to help with config.
Kai Thorsrud Posted October 13, 2023
Hehe, this was an old post.. didn't notice