Netscaler issues!
The last 2 months I already posted some Netscaler posts regarding some security issues within Netscaler after you upgrade from build 8.0 to 9.x. Together with our supplier we reported these issues to Citrix and to secure@citrix. Check the following posts
http://digipulse.nl/2009/04/21/security-issue-discovered-in-netscaler-7000/
http://digipulse.nl/2009/06/05/watch-out-when-upgrading-netscaler-pre-81-to-9x/
Today I upgraded a Netscaler to NS9.0 : build 69.5 and checked if something was changed. But nothing has changed yet. Customers do still have the rights to create transparant intranet applications and the solution Citrix offered will only work if no routing is applicable. This function is still present within the GUI and also in the CLI. You can configure it but it wil not work! In my opinion this can lead to unwanted security issues for some customers.
Further we found out that within the Intergrated Caching CLI the option precedeDefRules still exists but does not function anymore. If you want to use the precedeDefRules you need to use the Type command to configure this functionality now.
So some questions raised after we found out that this was changed.
Will customers that have defined rules by using the precedeDefRules in version 8.x after upgrading still have rules that function? Are they automaticly upgraded to the Type rule? Will the precedeDefRules rules still excist and don’t work anymore ?
If this is the case Citrix needs to inform customers better of changes in new builds.When there are changes that affect rules, policies, expressions or other system settings, please keep the following 3 points in mind.
- Change the GUI and CLI interfaces directly so that the commands can’t be used anymore.
- Change also the Netscaler documentation.
- Inform customers!
I know there are release guides with every build, but please be honest, how many customers do read these when upgrading?
Thanks to Michiel en Jeroen
