While HTTP Callouts are often associated with filtering traffic as part of Responder or Application Firewall policies, HTTP Callouts can be used with other default policy engine features, including Rewrite and token-based load balancing.
The HTTP Callout consists of three types of settings: the traffic destination by IP address or virtual server, the HTTP request, and the output to evaluate in the HTTP response. If the destination for the HTTP Callout is down, the HTTP Callout does not get invoked and returns an automatic "False" value. This applies whether the callout points to a direct IP address destination or to a virtual server. In most cases, the result is that the policy in which the callout is referenced is not triggered. In most situations, it is therefore recommended to point the HTTP Callout to a load balancing virtual server with multiple bound services, or with a backup entity specified, to avoid a single point of failure.

Exercise 2-2: Configuring Rate Limiting (CLI)

This exercise demonstrates the use of rate limiting using the NetScaler Command Line Interface.

Overview

The NetScaler rate limiting feature provides the means to monitor the rate of traffic associated with an entity and take preventive action, in real time, based on the traffic rate. This feature is particularly useful when the network is under attack from a hostile client that is sending the appliance a flood of requests. We can mitigate the risks that affect the availability of resources to clients, and improve the reliability of the network and the resources that the appliance manages.

Scenario: The ABC company needs to configure a security policy to protect the lb vserver lb_vsrv_rbg from a flooding attack. Configure the NetScaler rate limiting feature to check whether more than three requests from the same source IP for the same URL are seen within 15 seconds.

As a NetScaler admin, you need to create a Limit Selector to identify the source IP address and the URL, and create a Limit Identifier to set a limit of 3 requests in a 15-second time slice. If the rate limit is reached, provide an error page to the user using the Responder feature.

Step Action
1. View the default page ("/") on lb_vsrv_rbg:
   Open Internet Explorer.
   Browse for.21.10.101/home.php
   Reload the page in quick succession by hitting the reload button multiple times.

2. Log on to the NetScaler Command Line Interface:
   Open PuTTY.exe from the student desktop.
   In the Saved session section, click NS_HA_MGMT.
   Click Open.
   Log on with the following credentials:
   Login as: nsroot
   Password: nsroot

3. Create a Limit Selector:
   add stream selector Limit_Sel HTTP.REQ.URL CLIENT.IP.SRC

4. Create a Limit Identifier:
   add ns limitIdentifier Limit_ID -threshold 3 -timeSlice 15000 -selectorName Limit_Sel

5. Create a Responder Action:
   add responder action Limit_act respondwithhtmlpage Error_Page -responseStatusCode 200

6. Create a Responder Policy:
   add responder policy Limit_pol "http.req.url.eq(\"/home.php\") && sys.check_limit(\"Limit_ID\")" Limit_act

7. Bind Responder Policy
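
The counting that steps 3 to 6 configure, modelled in Python as an added example (not part of the original lab guide and not NetScaler code). It assumes the time slice behaves as a fixed window opened by a key's first request; the class and function names and the sample requests are constructed for illustration.

```python
# Added model; assumes the time slice is a fixed window opened by a key's first request.
THRESHOLD = 3                # -threshold 3
TIME_SLICE_MS = 15000        # -timeSlice 15000
PROTECTED_URL = "/home.php"  # URL tested in Limit_pol


class LimitIdentifier:
    """Per-key request counter (hypothetical stand-in for Limit_ID)."""

    def __init__(self, threshold=THRESHOLD, time_slice_ms=TIME_SLICE_MS):
        self.threshold = threshold
        self.time_slice_ms = time_slice_ms
        self.windows = {}  # selector key -> (window_start_ms, count)

    def check_limit(self, key, now_ms):
        """Count this request; return True once the key exceeds the threshold."""
        start, count = self.windows.get(key, (now_ms, 0))
        if now_ms - start >= self.time_slice_ms:
            start, count = now_ms, 0  # slice expired, open a new window
        count += 1
        self.windows[key] = (start, count)
        return count > self.threshold


def evaluate(requests):
    """Return one verdict per (time_ms, client_ip, url) request."""
    limit = LimitIdentifier()
    verdicts = []
    for now_ms, client_ip, url in requests:
        # Selector key mirrors Limit_Sel: HTTP.REQ.URL plus CLIENT.IP.SRC.
        # Condition mirrors Limit_pol: URL match && sys.check_limit("Limit_ID").
        over = url == PROTECTED_URL and limit.check_limit((url, client_ip), now_ms)
        verdicts.append("ERROR_PAGE" if over else "PASS")
    return verdicts

# Constructed sample traffic (documentation address range, not lab data).
SAMPLE = [
    (0, "192.0.2.10", "/home.php"),      # requests 1-3 stay within the limit
    (1000, "192.0.2.10", "/home.php"),
    (2000, "192.0.2.10", "/home.php"),
    (3000, "192.0.2.10", "/home.php"),   # 4th in the slice: over the limit
    (3500, "192.0.2.20", "/home.php"),   # different source IP, own counter
    (4000, "192.0.2.10", "/index.php"),  # policy only matches /home.php
    (16000, "192.0.2.10", "/home.php"),  # slice expired, counter restarts
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(req, verdict)
```

Because the selector key includes CLIENT.IP.SRC, clients that reach the appliance through the same NAT or proxy address share one counter.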