Using NetScaler Application Firewall to protect against ShellShock

With the recent announcement of the ShellShock vulnerability, many vendors have done a great job of coming out with patches and fixes to close it. Citrix has released a knowledge article that shows which Citrix products are affected.

But Citrix has also released an update to the AppFirewall signatures that covers services exposed via NetScaler. For instance, if we have a service that is load balanced via NetScaler and the servers running behind it are vulnerable, we can use AppFirewall to protect them from the attack.

First we need to update the signature files (Citrix released an update yesterday).

Then we can see that the new signature files include fixes for ShellShock.


The actions are set to block by default. So when creating an AppFirewall policy, we can bind it to a particular vServer or URL.


It is important to set the signature action to block.
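The same steps from the NetScaler command line, as an added example that is not part of the original post or Citrix's documentation. The object names (`shellshock_sigs`, `shellshock_prof`, `shellshock_pol`), the priority and the angle-bracket placeholders are assumptions, and the command syntax should be checked against the CLI reference for the firmware in use; the ShellShock rules themselves still have to be enabled with the block action in the signature object, as described above.

```netscaler
# Added example: names below are hypothetical, <...> values are placeholders.

# Make sure the Application Firewall feature is enabled.
enable ns feature AppFW

# Import the updated signature file into a named signatures object.
import appfw signatures <path-or-URL-of-updated-signature-file> shellshock_sigs

# Create a profile and attach the signatures object to it.
add appfw profile shellshock_prof -defaults basic
set appfw profile shellshock_prof -signatures shellshock_sigs

# Policy that sends all requests through the profile
# ("true" matches every request; narrow the rule to a URL if needed).
add appfw policy shellshock_pol true shellshock_prof

# Bind the policy to the load-balanced vServer that fronts the
# vulnerable back-end servers.
bind lb vserver <lb_vserver_name> -policyName shellshock_pol -priority 10 -type REQUEST

# Check the binding and hit counter, then persist the configuration.
show appfw policy shellshock_pol
save ns config
```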



But note that these rules only apply to services that are exposed via the NetScaler, not to the NetScaler itself. For that, refer to the Citrix knowledge article mentioned above.
