- Denial of
Service Attack (DoS) Defense
- Detects and
stops malicious distributed denial-of-service (DDoS) attacks and other types of
malicious attacks before they reach your servers, preventing them from
affecting network and application performance. The NetScaler appliance
identifies legitimate clients and elevates their priority, leaving suspect
clients unable to consume a disproportionate percentage of resources and
cripple your site. The appliance provides application-level protection from the
following types of malicious attacks:
- SYN flood attacks
- Pipeline attacks
- Teardrop attacks
- Land attacks
- Fraggle attacks
- Zombie connection attacks
aggressively defends against these types of attacks by preventing the
allocation of server resources for these connections. This insulates servers
from the overwhelming flood of packets associated with these events.
also protects network resources from ICMP based attacks by using ICMP rate
limiting and aggressive ICMP packet inspection. It performs strong IP
reassembly, drops a variety of suspicious and malformed packets, and applies
Access Control Lists (ACLs) to site traffic for further protection.
For more information, see "HTTP Denial-of-Service
protection from malicious attacks for web sites at the Layer 7 level. The
appliance inspects each incoming request according to user-configured rules
based on HTTP headers, and performs the action the user configured. Actions can
include resetting the connection, dropping the request, or sending an error
message to the user’s browser. This allows the appliance to screen unwanted
requests and reduces your servers’ exposure to attacks.
can also analyze HTTP GET and POST requests and filter out known bad
signatures, allowing it to defend your servers against HTTP-based attacks.
For more information, see "Content
- Functions like
an advanced filter and can be used to generate responses from the appliance to
the client. Some common uses of this feature are generation of redirect
responses, user defined responses, and resets.
For more information, see "Responder."
- Modifies HTTP
headers and body text. You can use the rewrite feature to add HTTP headers to
an HTTP request or response, make modifications to individual HTTP headers, or
delete HTTP headers. It also enables you to modify the HTTP body in requests
appliance receives a request or sends a response, it checks for rewrite rules,
and if applicable rules exist, it applies them to the request or response
before passing it on to the web server or client computer.
For more information, see "Rewrite."
user requests to ensure that the most important traffic is serviced first
during surges in request volume. You can establish priority based on request
URLs, cookies, or a variety of other factors. The appliance places requests in
a three-tier queue based on their configured priority, enabling
business-critical transactions to flow smoothly even during surges or site
For more information, see "Priority Queuing."
- Regulates the
flow of user requests to servers and controls the number of users that can
simultaneously access the resources on the servers, queuing any additional
requests once your servers have reached their capacity. By controlling the rate
at which connections can be established, the appliance blocks surges in
requests from being passed on to your servers, thus preventing site overload.
For more information, see "Surge Protection."
- NetScaler Gateway
NetScaler Gateway is a secure
application access solution that provides administrators granular
application-level policy and action controls to secure access to applications
and data while allowing users to work from anywhere. It gives IT administrators
a single point of control and tools to help ensure compliance with regulations
and the highest levels of information security across and outside the
enterprise. At the same time, it empowers users with a single point of
access—optimized for roles, devices, and networks—to the enterprise
applications and data they need. This unique combination of capabilities helps
maximize the productivity of today's mobile workforce.
more information, see "NetScaler Gateway."
applications from misuse by hackers and malware, such as cross site scripting
attacks, buffer overflow attacks, SQL injection attacks, and forceful browsing,
by filtering traffic between each protected web server and users that connect
to any web site on that web server. The application firewall examines all
traffic for evidence of attacks on web server security or misuse of web server
resources, and takes the appropriate action to prevent these attacks from
information, see "Application