18 matches found
GHSA-X4MJ-7F9G-29H4 Contour has Lua code injection via Cookie Path Rewrite Policy
Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...
CVE-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...
CVE-2026-41246
Contour’s Cookie Rewriting feature (Envoy Lua filter) is vulnerable to Lua code injection from v1.19.0 up to before v1.33.4, v1.32.5, and v1.31.6. An attacker with RBAC to create/modify HTTPProxy resources can inject values into spec.routes[].cookieRewritePolicies[].pathRewrite.value (or services...
NetScaler-13.1-How to remove the "Server" header in the response with rewrite policy
How to remove the "Server" header in the response which exposes the server type information...
GUI Issue - Unbinding the LogAction from Rewrite policy fails from GUI but works from Cli
Re-Write Policy is configured with a Log Action bound to it. When the Log Action is removed from the policy via the GUI, the policy is not actually removed. After hitting 'OK', there's no error, and the Log Action is still bound when checked again...
How to write an AppExpert Rewrite policy for EULA/Header on AAA/GW vserver
Demonstrate how a rewrite action can be used to add a footnote or a header above the logon page of a AAA vserver...
How to Remove the ETag Field from the HTTP Response Header Using a Rewrite Policy
This article contains information about removing the ETag field from the HTTP response header using a rewrite policy and action on a NetScaler appliance. Background: The rewrite policy and action are created using the Graphical User Interface (GUI). Note: Disabling a feature on a NetScaler applianc...
How to block specific URL request with rewrite policy in NetScaler
This article describes how to configure rewrite policy to drop specific URL request to NetScaler Load Balancing Virtual Server traffic...
How to remove HTTP Header with rewrite policy in NetScaler
This article describes how to delete a specific HTTP Request Header with rewrite policy in NetScaler...
Rewrite policy fail to honored when binding to NetScaler Gateway Virtual Server
When you're trying to insert some prompts to NetScaler Gateway logon page via Rewrite policy, you may find the prompt strings are not displayed even if you refresh the web page or clear all browser cache. The Rewrite policy is not honored as expected...
How to create a Rewrite policy that will change characters in URL to lowercase
How to create a Rewrite policy that will change characters in URL to lowercase...
How to use the CLI to disable HTTP OPTIONS Method for virtual server
Some security scanning reports suggest disabling the OPTIONS HTTP Method on the web server. The article provides the use of a rewrite policy to avoid processing the OPTIONS HTTP Method...
How to add text message on Gateway logon page that AAA authentication enabled.
In an AAA authentication profile configured Gateway Virtual server, you may find the rewrite policy method to add some text on the NetScaler Gateway logon page is no longer effective. This is because the portal layout mechanism is changed compared with the basic authentication policy scenario. Before we g...
How to create message action to log to syslog in Citrix NetScaler
This article describes how to create a message action that can be bound to a responder or rewrite policy that logs to syslog in NetScaler...
A sample to set http response header X-Frame-Options by rewrite policy
A sample to set http response header X-Frame-Options by rewrite policy on vpn vserver...
How to create rewrite policy for Security Headers
This article explains how to create rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options & Content-Security-Policy. ADC appliances support HTTP strict transport security (HSTS) as an inbuilt option in SSL profiles and SSL virtual servers...
Remove Beginning Section of URL Using Rewrite Policy
Customer is looking for a way to remove a specific section of a URL at the beginning of the path...
How content-length of a HTTP response is handled when rewrite is in use on NetScaler
When using rewrite policy with priority 120 on NetScaler it can be noticed that Content-Length header is misspelled in the response. To alter this behavior we can use another rewrite policy with priority 100 that has an action that can never be true. Note: Priority 120 and 100 are taken as examples...