Gijs Lemahieu


  1. Hi Sam, definitely interesting articles (especially the first one). We use some, but not all, of these features and I'll definitely investigate the remaining ones. Nevertheless, none of these really handles my question of how to set up some kind of booby trap where, when there is a hit, all subsequent requests from that IP are blocked. Do you (or someone else) see a solution for this? Regards, Gijs.
  2. Hi, on our environment, we quite often notice the same behaviour. Our environment is under attack and we notice this:

     - lots of requests in a short amount of time (like 20000 requests in a couple of minutes)
     - a lot of different (non-existent) requests are fired (url.path : /wp-admin, /wp-content, index.php, ...)

     I would like to configure some trap. E.g.

     - if we don't host WordPress on a specific virtual server and someone tries to access wp-admin
     - if someone tries to access index.php (while PHP isn't used)

     => then we can consider all requests from this IP / user as malicious and all subsequent requests from this IP should be blocked (e.g. for the next 30 minutes).

     I know I can block these requests with the WAF feature, but implementing WAF is taking some time, and it will only block the requests listed in the 'deny url list' (or the other way around with the start URL feature). I've tried setting up bot management (bot trap technique), but this is another approach and doesn't block this kind of attack. Is there any way to block this kind of attack with some kind of trap? Regards, Gijs
  3. Hi @Kari Ruissalo, your suggestion solved my problem indeed. Thanks for your help, problem is solved! Regards Gijs
  4. Hi, hope someone can help me here 😉 I've set up a new Netscaler (version 13.1 52.19) and I would like to configure a new Netscaler Gateway VS (making use of an nFactor Authentication Profile). Users should authenticate with LDAP and RADIUS. Carl has a great article, https://www.carlstalhood.com/citrix-gateway-radius-authentication/, and this is functionally working. I'm a bit confused though on how I can change the labels (according to the browser's language) and the user interface. A Portal Theme (copy of RfWebUI) is assigned to the Citrix Gateway VS, but I don't know if this still makes any sense as I'm making use of a login schema? In the attachment you can see the result I've got now. What I've tried (but without result):

     - get the name of the custom login schema I've configured, open the XML file and get the labels (see second attachment)
     - change the language file and configure the custom text (see third attachment)

     I don't know why, but it seems like the customization isn't picked up. Can someone tell me what I'm doing wrong? Any help is much appreciated! Another question is where I can change stuff like the background color and a logo; should I do this in the portal theme assigned? Regards
  5. The idea is to configure a responder policy and check if the http.req.url is listed in a pattern set (hosted on the Netscaler itself), and if the condition is true => log the source IP to another pattern set. Consequently, I can configure a second responder policy and verify if the source IP is listed in the first pattern set (filled up by the 1st responder policy). When the condition is true, I would block that request. In that way, I would have some kind of auto-block mechanism, so that when someone (or something) tries to access specific URLs (like /wp-admin or other similar stuff ...), all subsequent requests from that user would automatically be blocked. I don't know, however, if it is somehow possible to fill up a pattern set as a responder action or an audit message action.
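
The trap-and-block logic described in posts 2 and 5 above, modelled in Python as an added example (it is not part of the original posts and is not Netscaler configuration). The trap paths, the log format and the sample log lines are constructed for illustration; the 30-minute block window is the one mentioned in post 2.

```python
from datetime import datetime, timedelta

# Assumed trap definitions: paths this virtual server never serves.
TRAP_PREFIXES = ("/wp-admin", "/wp-content")
TRAP_SUFFIXES = ("/index.php",)
BLOCK_FOR = timedelta(minutes=30)

class TrapBlocker:
    def __init__(self):
        self.blocked_until = {}  # source IP -> time the block expires

    @staticmethod
    def is_trap(url):
        # Match on the path only, case-insensitively, so a trap string that
        # merely appears in a query parameter does not list the client.
        path = url.split("?", 1)[0].lower()
        hit = any(path == p or path.startswith(p + "/") for p in TRAP_PREFIXES)
        return hit or path.endswith(TRAP_SUFFIXES)

    def handle(self, ip, url, now):
        """Return BLOCK (IP already listed), TRAP (denied and listed) or ALLOW."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return "BLOCK"
            del self.blocked_until[ip]  # block window is over
        if self.is_trap(url):
            self.blocked_until[ip] = now + BLOCK_FOR
            return "TRAP"
        return "ALLOW"

# Constructed sample access log: timestamp, source IP, requested URL.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.20 /app/login
2024-05-01T10:00:05 203.0.113.7 /wp-admin/setup-config.php
2024-05-01T10:00:06 203.0.113.7 /app/login
2024-05-01T10:10:00 198.51.100.20 /app/home?x=/wp-admin
2024-05-01T10:29:59 203.0.113.7 /app/login
2024-05-01T10:30:05 203.0.113.7 /app/login
2024-05-01T10:31:00 203.0.113.7 /INDEX.php
"""

def replay(log=SAMPLE_LOG):
    blocker, verdicts = TrapBlocker(), []
    for line in log.splitlines():
        ts, ip, url = line.split()
        verdicts.append((ip, blocker.handle(ip, url, datetime.fromisoformat(ts))))
    return verdicts

if __name__ == "__main__":
    for ip, verdict in replay():
        print(ip, verdict)
```

Because the block is keyed on source IP alone, clients behind a shared NAT or proxy address are blocked together for the whole window.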