Gijs Lemahieu1709159845 Posted August 28, 2023 Share Posted August 28, 2023 Idea is to configure a responder policy and check if the http.req.url is listed in a pattern set (hosted on the netscaler itself), and if the condition is true => log the source ip to another pattern set. Consequently, I can configure second responder policy, and verify if the source ip is listed in the first pattern set (filled up by the 1st responder policy). When the condition is true, i would block that request. In that way, I would have some kind of auto block mechanism when someone (or something) tries to access specific url's (like /wp-admin or other similar stuff ...) that all subsequent request from that user would automatically be blocked I don't know however, if it is somehow possible to fill up a pattern set as a responder action or a audit message action. Link to comment Share on other sites More sharing options...
CarlStalhood Posted August 28, 2023 Share Posted August 28, 2023 You can set Responder Policy to have an action of Drop. Otherwise, use variables - https://docs.netscaler.com/en-us/citrix-adc/current-release/appexpert/variables/configuring-using-variables.html Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now