Helient Systems : Use Your Citrix ADC (NetScaler) to Mitigate Apache Log4j Vulnerability Traffic

by Daniel Ruiz
Practice Lead, Citrix Technologies

Citrix ADC (NetScaler) can be used to protect your back end resources from the recent CVE-2021-44228 Log4j vulnerability.

The Apache Log4j2 vulnerability, if exploited, allows an attacker to control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

At this moment, Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) VPX,MPX, SDX/SVM are not impacted.

The following strategies can be employed to protect resources behind the ADCs.

Options:

1. Using Citrix ADC WAF ( Web Application Firewall): If you are running Citrix ADC Premium Edition, you can enable the WAF feature auto-update signatures enabled. Citrix recently released 4 signatures #999077-9990780 for their WAF, which can be used to mitigate the issue. (Credit to Johannes Norz)
2. Use Citrix ADC’s Responder Policies. If you are not running Citrix ADC Premium Edition, you can create a Responder policy to block incoming traffic to your VIPs, and assign globally or per VIP. (Credit to Mick Hilhorst)

If you would like more information or assistance from our industry leading team of Citrix experts, please contact us at service@helient.com.