XenMobile: Restrict access to MAM

If you have implemented Xenmobile solutions you probably have been asked or ask yourself how can the MAM part can be restrict.

I mean by default you can access the MAM portal, for example: https://mam.domain.com which can be access by a browser

It can be useful to check the XenMobile configuration as 404 is expected after successful authentication:

 

 

However this page is publicly available for different possible security attacks: XSS, SQL Injection, Brute Forcing, …

Here after are some steps to secure and restrict the MAM page:

  • Enable Responder feature on your NetScaler (under System / Settings / Configure Advanced Features)
  • Create a Responder HTML Page (under AppExpert / Responder / HTML Page Imports, click on Add). Provide a Name and select Import From: Text, click on Continue

  • Then you can put HTML code,  here after an example

Click on Done

  • Create a Responder Action (under AppExpert / Responder / Actions, click on Add). Provide a Name, select Type Respond with HTML Page, select the HTML Page previously created and click on Create

  • Create a Responder Policy (under AppExpert / Responder / Policy, click on Add). Provide a Name for the Policy, select the Action previously created.

Under Expression, add the following:

HTTP.REQ.URL.EQ("/vpn/index.html")&& HTTP.REQ.HEADER("User-Agent").CONTAINS("Mozilla")

Click on Create

  • Assign Responder Policy to the MAM NetScaler Gateway (under NetScaler Gateway / Virtual Servers, edit your XenMobile NetScaler Gateway)

  • Click on the + sign

  • Select Policy type Responder and click on Continue

  • Select the Policy previously created and click on Bind

  • Verify that the Responder Policy is bound and test

Now when a user will try to connect to https://mam.domain.com he will see the following screen:

It’s based on the HTML code I provided in this article and this can be changed.

 

 

1 thought on “XenMobile: Restrict access to MAM”

  1. This will be the proper weblog for hopes to learn about this topic. You are aware of so much its almost tough to argue along with you (not that I really would want…HaHa). You definitely put a brand new spin on the topic thats been discussed for some time. Excellent stuff, just excellent!

Leave a Reply

Your email address will not be published. Required fields are marked *