NetScaler Security – Layer 4-7 DDoS Protection

NetScaler protects against Layer 4 SYN flood attacks by using SYN cookies: memory for a TCP session is allocated only once the TCP three-way handshake has completed, so half-open connections do not consume session state.

In addition, Application Firewall and Rate Limiting can be implemented to mitigate both L4 and L7 attacks.

This article focuses on Rate Limiting as a step toward preventing Layer 4-7 DDoS and brute-force attacks.

The following NS CLI commands implement Rate Limiting using the NetScaler Responder feature.

Rate Limiting carries a risk of blocking legitimate traffic, so test carefully before enforcing it on production vServers.

Start by creating an audit message action, which is used to log every hit when Rate Limiting is triggered:

Create the Responder HTML error page:

Create the Rate Limit Selector and Identifier:

The example here sets the maximum allowed requests to 5 within a timeslice of 10 seconds; beyond that the Responder policy is hit and the connection is either dropped or answered with the error page.

Create the Responder policy and bind it to the required vServer, in this example a NetScaler Gateway vServer:
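The complete sequence above, written as an added example rather than the article's own command listing: a small POSIX shell function that emits the NS CLI commands for the six steps (audit action, HTML page, selector, identifier, responder action and policy, vServer binding), parameterised by vServer name, threshold and timeslice. Object names prefixed `ratelimit_`, the vServer name `gw_vs`, the HTML file name and the use of HTTP 429 are assumptions, not values from the article; `-timeSlice` is in milliseconds, so 10 seconds is 10000.

```shell
#!/bin/sh
# Emit NetScaler CLI commands for per-source-IP request rate limiting via Responder.
# Usage: ns_ratelimit_config <vpn-vserver> <max-requests> <timeslice-ms> | grep -v '^#' > ratelimit.conf
# Apply with e.g.: ssh nsroot@<NSIP> < ratelimit.conf   (NSIP is a placeholder; comment lines are stripped first)
# Object names (ratelimit_*), the html file name and the vServer name are assumptions, not from the article.
ns_ratelimit_config() {
  vs="$1"; max="$2"; slice="$3"
  # Reject non-numeric or zero values: a bad threshold would silently disable or break the limit.
  case "$max$slice" in *[!0-9]*|"") echo "threshold and timeslice must be integers" >&2; return 1 ;; esac
  [ "$max" -gt 0 ] && [ "$slice" -gt 0 ] || { echo "threshold and timeslice must be > 0" >&2; return 1; }
  cat <<EOF
# 1. Audit action: log each rate-limit hit with the offending source IP and requested URL.
add audit messageaction ratelimit_log INFORMATIONAL '"Rate limit exceeded: " + CLIENT.IP.SRC + " " + HTTP.REQ.URL' -logtoNewnslog YES
# 2. Responder HTML error page (ratelimit-violation.html uploaded to the appliance beforehand; path is an assumption).
import responder htmlpage local:ratelimit-violation.html ratelimit-violation
# 3. Selector keyed on client source IP, and identifier: $max requests per $slice ms, then CHECK_LIMIT returns true.
add ns limitSelector ratelimit_selector CLIENT.IP.SRC
add ns limitIdentifier ratelimit_id -threshold $max -timeSlice $slice -mode REQUEST_RATE -limitType BURSTY -selectorName ratelimit_selector
# 4. Responder action: serve the error page with HTTP 429 (replace the action with the built-in "drop" to discard instead).
add responder action ratelimit_act respondwithhtmlpage -htmlpage ratelimit-violation -responseStatusCode 429
# 5. Policy fires once the identifier's limit is exceeded and logs through the audit action.
add responder policy ratelimit_pol 'SYS.CHECK_LIMIT("ratelimit_id")' ratelimit_act -logAction ratelimit_log
# 6. Bind at request time to the NetScaler Gateway vServer, then persist the configuration.
bind vpn vserver $vs -policy ratelimit_pol -priority 100 -gotoPriorityExpression END -type REQUEST
save ns config
EOF
}
```

Because the selector is keyed on `CLIENT.IP.SRC`, clients behind a shared NAT count together against the threshold; that is the "legitimate traffic" risk the article warns about, so watch the audit log for `ratelimit_log` hits during testing before choosing a final threshold.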

Example of the Responder HTML error page "ratelimit-violation":

