fail2ban like functionality?

Hi,

Is there a possibility to build something similar to fail2ban with NetScaler built-in features?

We have an application with a login page. When a user enters wrong credentials several times, the source IP should be blocked for a specific amount of time so the user can't even load the login page.

We tried rate limiting, but faced two problems:

- the selector can be CLIENT.IP.SRC && HTTP.REQ.URL, but that would trigger every time a page is loaded too often. It should only trigger when the login failed (maybe check for the HTTP status code or "wrong credentials" in the response).

- as a result of the limiter, we could use the responder feature and display a sorry page or something similar. But this is just for the next request. We want to block the user for maybe 15 mins.

Any idea? Thanks...

Hi Carl,

Unfortunately, the authentication is done by the backend servers, not on the NetScaler.

I'm not sure how to use HTTP Callout for what I want to achieve. Can you give just a short idea of what you would do?

Our aim is to "completely" block a source IP if authentication fails three times... My idea was to check for the HTTP status code of the response from the server or for something in the response body.

But that won't work in combination with responder policies (of course, when the NetScaler acts as responder, there is no response from the server to check).

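The lockout logic both posts describe (count only failed login responses per source IP, and once three failures are seen block that IP for 15 minutes, login page included), written out as a standalone Python model. This is an added example, not NetScaler configuration and not code from anyone in the thread; the failure-detection rules (HTTP 401/403, or the marker string "wrong credentials" in the body) and the 10-minute counting window are assumptions standing in for whatever the real backend returns, and the sample traffic at the bottom is constructed. It separates the two decisions the poster found hard to combine on the appliance: classifying a backend response as a failed login, and rejecting later requests before they reach the backend.

```python
"""Fail2ban-style login lockout, modelled as a small in-memory tracker.

Added illustration of the behaviour described in the thread; it is not
NetScaler code. Times are passed in explicitly so the logic is
deterministic and easy to test.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Optional, Tuple

# Assumed failure signals; the real backend may use different ones.
FAILURE_STATUSES = {401, 403}
FAILURE_MARKER = b"wrong credentials"


def is_failed_login(status: int, body: bytes) -> bool:
    """Classify a backend response as a failed login attempt.

    Either the status code or a marker string in the body counts, which
    mirrors the two checks the poster proposed.
    """
    return status in FAILURE_STATUSES or FAILURE_MARKER in body.lower()


class LoginLockout:
    """Per-source-IP failure counter with a fixed block period.

    max_failures failures within window_s seconds block the IP for
    block_s seconds. Successful requests are never counted, so normal
    page loads cannot trip the limit (the problem with a plain
    CLIENT.IP.SRC && HTTP.REQ.URL rate limiter).
    """

    def __init__(self, max_failures: int = 3, window_s: int = 600,
                 block_s: int = 900) -> None:
        self.max_failures = max_failures
        self.window_s = window_s
        self.block_s = block_s
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)
        self._blocked_until: Dict[str, float] = {}

    def is_blocked(self, ip: str, now: float) -> bool:
        """True while the IP's block period has not yet expired."""
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._blocked_until[ip]  # block expired, forget it
            return False
        return True

    def handle_request(self, ip: str, now: float) -> Optional[Tuple[int, str]]:
        """Decision before forwarding: a (status, reason) rejection, or None to forward."""
        if self.is_blocked(ip, now):
            return 429, "blocked: too many failed logins"
        return None

    def record_response(self, ip: str, status: int, body: bytes,
                        now: float) -> bool:
        """Feed a backend response into the counter; return True if the IP is now blocked."""
        if not is_failed_login(status, body):
            return self.is_blocked(ip, now)
        q = self._failures[ip]
        q.append(now)
        # Drop failures that fell out of the sliding window.
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.max_failures:
            self._blocked_until[ip] = now + self.block_s
            q.clear()
            return True
        return False


def simulate() -> Dict[str, bool]:
    """Run a constructed sequence: 203.0.113.7 fails three times, 198.51.100.2 is innocent."""
    lock = LoginLockout()
    ip, other = "203.0.113.7", "198.51.100.2"
    lock.record_response(ip, 401, b"", 0.0)
    lock.record_response(ip, 200, b"welcome", 1.0)          # success: not counted
    lock.record_response(ip, 401, b"", 2.0)
    lock.record_response(ip, 200, b"Wrong Credentials", 3.0)  # third failure: block
    return {
        "attacker_blocked_now": lock.handle_request(ip, 4.0) is not None,
        "attacker_blocked_at_14m59s": lock.is_blocked(ip, 3.0 + 899),
        "attacker_free_after_15m": not lock.is_blocked(ip, 3.0 + 900),
        "other_ip_unaffected": lock.handle_request(other, 4.0) is None,
    }


if __name__ == "__main__":
    for name, ok in simulate().items():
        print(f"{name}: {ok}")
```

Keying the block on the source address alone carries the usual caveat: clients behind a shared NAT or proxy are locked out together, so in front of such populations a key that also includes the attempted username (or a lower threshold per user than per IP) limits collateral damage.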