Citrix Netscaler: Accessing the management through CS and LB
Aside from this specific blog, whether I'm playing around in the lab or testing something at a customer site, I always get excited when something abnormal happens! Something in my head just pops up saying “LET THE GAMES BEGIN!” :-P.
So, in my pursuit to break and fix, I wanted to test if it's possible to create some sort of a backdoor to access Netscaler’s management even if the Netscaler’s management IP is not accessible (from the Internet, for example).
Here is what was done:
- Create a service group with 127.0.0.1 as its member. The loopback address stands in for the Netscaler management IP itself: if you try to add the IP address of the Netscaler server it is not allowed, so the only way to get this done is by using the loopback IP address.
- Create a load balancing virtual server (non-addressable).
- Create a content switching server with a reachable IP address.
- Create a content switching action that points to the non-addressable LB vServer.
- Create a content switching policy with a rule such as HTTP.REQ.HOSTNAME.EQ("test.domain.com").
- Attach the policy to the content switching server.
And we’re done: you now have access to your Netscaler’s management without having to do any super network-wizardry :-). On the other hand, I would not urge anyone to use this in a production environment; set up a proper VPN to access your management interface instead.
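A defender-side check for the configuration described above, added here as an example and not part of the original post: it scans ns.conf text for a content switching vserver whose traffic can reach a service or service group with a loopback member. The object names, IP addresses and sample config are constructed, and the parser assumes standard ns.conf command layout with objects added before they are bound.

```python
import ipaddress, shlex
# Constructed ns.conf excerpt (not from the post): one normal site plus the loopback chain.
SAMPLE_CONF = r'''
add service svc_web 10.0.0.21 HTTP 80
add serviceGroup sg_mgmt HTTP
bind serviceGroup sg_mgmt 127.0.0.1 80
add lb vserver lb_web HTTP 0.0.0.0 0
add lb vserver lb_mgmt HTTP 0.0.0.0 0
bind lb vserver lb_web svc_web
bind lb vserver lb_mgmt sg_mgmt
add cs vserver cs_front HTTP 203.0.113.10 80
add cs action act_mgmt -targetLBVserver lb_mgmt
add cs policy pol_mgmt -rule "HTTP.REQ.HOSTNAME.EQ(\"test.domain.com\")" -action act_mgmt
bind cs vserver cs_front -policyName pol_mgmt -priority 100
bind cs vserver cs_front -lbvserver lb_web
'''

def opt(tokens, flag):
    """Return the value after -flag (case-insensitive), or None if absent."""
    low = [t.lower() for t in tokens]
    return tokens[low.index(flag) + 1] if flag in low[:-1] else None

def is_loopback(value, servers):
    try:  # value is an IP, or a name defined earlier by "add server"
        return ipaddress.ip_address(servers.get(value, value)).is_loopback
    except ValueError:
        return False

def find_loopback_exposure(conf):
    """List (cs_vserver, rule, lb_vserver) chains that end on a loopback member."""
    servers, backends, lbs, actions, policies, hits = {}, set(), set(), {}, {}, []
    for t in (shlex.split(l) for l in conf.splitlines() if l.strip()):
        t += [""] * 5  # pad so short lines index safely
        head = " ".join(t[:3]).lower()
        if head.startswith("add server "):
            servers[t[2]] = t[3]
        elif head.startswith(("add service ", "bind servicegroup ")) and is_loopback(t[3], servers):
            backends.add(t[2])  # service or service group that points at loopback
        elif head == "bind lb vserver" and t[4] in backends:
            lbs.add(t[3])
        elif head == "add cs action":
            actions[t[3]] = opt(t, "-targetlbvserver")
        elif head == "add cs policy":
            policies[t[3]] = (opt(t, "-rule"), actions.get(opt(t, "-action")))
        elif head == "bind cs vserver":
            rule, lb = policies.get(opt(t, "-policyname"), ("(default)", None))
            lb = opt(t, "-targetlbvserver") or opt(t, "-lbvserver") or lb
            if lb in lbs:
                hits.append((t[3], rule, lb))
    return hits
```

Any hit means a reachable content switching vserver forwards to the appliance's own loopback, so review it against your change records.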
Thank you for taking the time to read this ^_^,