Error: “HTTP 404 Not Found” When Accessing StoreFront Through NetScaler Gateway

  • Verify that StoreFront resolves the base URL to itself by pinging the base URL from the StoreFront command line. If it does not, add an entry to the hosts file on the StoreFront server so that the base URL resolves to itself.

    You can also check whether the page loads from the StoreFront server itself. If you copy the Receiver for Web URL and change the domain to localhost, it should load a StoreFront page. The URL will look similar to this: http://127.0.0.1/Citrix/StoreWeb

    If you still get a 404 after testing reachability on the StoreFront server itself, it is recommended to bring in a StoreFront engineer for further troubleshooting.


    RADIUS server test connectivity fails: Error: 1812/udp’ is not a valid Radius authentication port or Radius client is not configured properly in the Radius server.

    We have seen certain cases where a PBR is configured for the management IP (NSIP) pointing to a next-hop gateway.

    If the ADC does not have a SNIP in the same subnet as the configured next hop, the packet might never leave the ADC, and the test fails.

    Without a SNIP, the RADIUS packet from FreeBSD to the virtual server is not sent on to the actual server.


    Service on ADC shows DOWN with monitor error: “No MIP/SNIP available”

    To resolve this issue, complete the following steps:

    1. Make sure that a SNIP for the subnet you are trying to connect to is added on the ADC.
    2. Verify that a route exists in that subnet. If the route does not exist, add it using the add route command.

      Note: You might get this error if you have two default routes. Check the show route output and delete one route after confirming with the customer.
    3. Alternatively, you can create a Net profile with the SNIP that you configured and bind it to the Service / Service Group to make sure that monitor probes are initiated with that SNIP.


    Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability

    A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition.

    This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP).

    Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-bgp-De9dPKSK

    This advisory is part of the February 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

    Security Impact Rating: High

    CVE: CVE-2021-1230


    How to create a responder policy to allow/block a set of IPs

    • First create a data set under AppExpert > Dataset.
    • Add all the IPs that you want to block/allow to the data set.


    • After creating the data set, create the following responder policy:

    CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("data_set")

    The expression above references the data set by its name.

    For a subnet range the policy will be as follows:

    CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

    To evaluate a single IP and a subnet, create the following expression:

    CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("data_set") && CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

    • You can add other subnets using the && operator. Use the expression editor to help configure the policy.

    • Create an action (in this case I am creating a redirect action).


    • Bind the responder policy to the virtual server.

    Since the above expression is true for IP 1.1.1.1, you will get redirected to https://citrix.com
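
    A small Python model of the expressions above, added here as an example (not Citrix code and not part of the original article), for checking which client addresses a rule would match before binding it. It assumes CONTAINS_ANY on the typecast text is a substring match; the subnet and the client addresses other than 1.1.1.1 are constructed sample values.

```python
import ipaddress

# Constructed sample data: 1.1.1.1 is the address used on this page; the
# subnet and the other client addresses are made up for illustration.
DATA_SET = {"1.1.1.1"}
SUBNET = "192.0.2.0/24"
CLIENTS = ["1.1.1.1", "1.1.1.10", "21.1.1.1", "192.0.2.7", "198.51.100.4"]

def contains_any(client_ip, data_set):
    """Model of CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("data_set"),
    assuming the typecast IP text is searched for each entry as a substring."""
    return any(entry in client_ip for entry in data_set)

def exact_match(client_ip, data_set):
    """Whole-address comparison, for contrast with the substring model."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr == ipaddress.ip_address(entry) for entry in data_set)

def in_subnet(client_ip, cidr):
    """Model of CLIENT.IP.SRC.IN_SUBNET(cidr)."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(cidr)

def audit(data_set, cidr, client_ips):
    """Evaluate each modelled expression for every client address."""
    rows = {}
    for ip in client_ips:
        listed, subnet = contains_any(ip, data_set), in_subnet(ip, cidr)
        rows[ip] = {
            "contains_any": listed,
            "exact": exact_match(ip, data_set),
            "in_subnet": subnet,
            "and": listed and subnet,  # both conditions must hold
            "or": listed or subnet,    # either condition is enough
        }
    return rows

def over_matches(rows):
    """Addresses the substring model hits that are not in the data set."""
    return sorted(ip for ip, r in rows.items()
                  if r["contains_any"] and not r["exact"])

if __name__ == "__main__":
    result = audit(DATA_SET, SUBNET, CLIENTS)
    for ip, row in result.items():
        print(ip, row)
    print("matched by substring only:", over_matches(result))
```

    Running the same audit against your own data set and a list of addresses that must not match is a quick pre-bind check for an allow/block rule.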


    Service on NetScaler Shows DOWN with Error: “No MIP/SNIP available”

    To resolve this issue, complete the following steps:

    1. Verify the NetScaler routing table using the following command:

    show route

    2. Verify that a route exists in that subnet. If the route does not exist, add it using the add route command.

    Note: You might get this error if you have two default routes. Check the show route output and delete one route after confirming with the customer.

    3. Add a Mapped IP for the back-end server subnet.

    4. Create a Net profile with the SNIP and then bind it to the Service / Service Group.


    Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability

    A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. 

    The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-bgp-evpn-dos-LNfYJxfF

    Security Impact Rating: Medium

    CVE: CVE-2020-3479


    Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

    A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device.

    The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.

    Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. There are multiple mitigations available to customers depending on their needs.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz

    Security Impact Rating: High

    CVE: CVE-2020-3566


    Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability

    A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

    The vulnerability is due to incomplete input validation of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this specific, valid BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause one of the BGP-related routing applications to restart multiple times, leading to a system-level restart.

    Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ

    This advisory is part of the August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes seven Cisco Security Advisories that describe seven vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

    Security Impact Rating: High

    CVE: CVE-2020-3397
