Jump to content
Welcome to our new Citrix community!

rewrite rule for server response header


Rakesh Chandra

Recommended Posts

HI,

 

abc.com is hosted in netscaler with HTTPS protocol. Use access this application over HTTPS and netscaler is doing SSL offloading and forward the HTTP request to original server.

 

User is able to authenticate and login to this application. After login to application , user add some text data and click on upload. 

 

After this physical server send the HTTP response to netscaler with below in Response header

 

Location: http://abc.com:80/restserver/rest/upload/ 

 

That's why, we need to rewrite this URL to Location: https://abc.com/restserver/rest/upload/  keeping user safe 

 

Hope this helps

 


Link to comment
Share on other sites

OK

you need to rewrite the Location header in the response

that's common with http back end server as you discribe.

 

in the Virtual Server add a rewrite response policy

 

add rewrite action modify_location_header replace
HTTP.RES.HEADER("Location")
'"https://"+HTTP.RES.HEADER("Location").TYPECAST_HTTP_URL_T.HOSTNAME
.SERVER+":80"+HTTP.RES.HEADER("Location").TYPECAST_HTTP_URL_T.PATH'
 
add rewrite policy policy_modify_location_header 'HTTP.RES.HEADER("Location").STARTSWITH("http://")'
 modify_location_header

 

 

Something like that...

Link to comment
Share on other sites

  • 2 years later...
On 12/7/2016 at 2:50 PM, Carl Stalhood1709151912 said:

To rewrite redirects, the easy way is to edit the LB vServer, edit SSL Parameters, and check the box for SSL Redirect.

Carl is correct, as per his blog (https://www.carlstalhood.com/ssl-virtual-servers-netscaler-12/#redirectlbmethod):

If you do any SSL Offload (SSL on the client side, HTTP on the server side), then you’ll need to enable SSL Redirect. It’s above HSTS. With this option enabled, any 301/302 redirects from the server with HTTP Location headers are rewritten to HTTPS Location headers.

image.thumb.png.01b04d1e70b6dbbb604038d9cb1357c7.png

 

I confirm, it works for me as well, I was looking how to that in the smartest way and I came into post :) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...