How to Use NetScaler Appliance to Avoid DDoS Attacks.
Citrix ADC (formerly known as NetScaler ADC) offers various features and configurations to help protect against Distributed Denial of Service (DDoS) attacks. Here are some ways to configure DDoS protection on Citrix ADC:
Rate Limiting: Configure rate limiting policies on your Citrix ADC to restrict the number of requests per second from a particular source IP address. This helps mitigate the impact of high-volume DDoS attacks.
https://docs.netscaler.com/en-us/citrix-adc/current-release/appexpert/rate-limiting.html
Connection Limiting: Implement connection limiting to restrict the maximum number of concurrent connections from a specific source IP address or subnet. This helps protect against connection-based DDoS attacks that attempt to exhaust server resources.
https://docs.netscaler.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-advanced-settings/set-limit-on-max-client.html
SYN Flood Protection: Enable SYN flood protection to defend against SYN flood attacks. This feature protects the system by monitoring the number of half-open connections and dropping excessive connection requests.
https://support.citrix.com/article/CTX131681/how-to-use-netscaler-appliance-to-avoid-layer-7-ddos-attacks
IP Reputation Filtering: Utilize IP reputation filtering to block traffic from known malicious IP addresses or IP ranges. Citrix ADC can integrate with third-party IP reputation databases or use its built-in database for filtering.
https://docs.netscaler.com/en-us/citrix-adc/current-release/reputation/ip-reputation.html
Application Firewall: Configure an application firewall on Citrix ADC to inspect incoming traffic and block requests that match specific attack patterns. This helps protect against application-layer DDoS attacks, such as HTTP floods or SQL injection.
https://support.citrix.com/article/CTX131681/how-to-use-netscaler-appliance-to-avoid-layer-7-ddos-attacks
HTTP DoS Protection: Enable HTTP DoS protection on Citrix ADC to detect and mitigate HTTP-based DDoS attacks. This feature applies behavioral analysis and rate limiting to HTTP traffic, protecting the system from excessive requests.
https://docs.netscaler.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc/features/security-and-firewall-features.html
Traffic Shaping: Implement traffic shaping policies to prioritize and allocate bandwidth for critical applications during periods of high traffic. This helps mitigate the impact of DDoS attacks by ensuring important services receive the necessary resources.
https://docs.netscaler.com/en-us/citrix-sd-wan-wanop/current-release/faqs/traffic-shaping.html