Jump to content
Welcome to our new Citrix community!

HTTP to HTTPS and add extra strings to the request

Recommended Posts




I've ran into a task of replacing the current HTTP access of a few applications to HTTPs. I understand the concept of how to translate HTTP to HTTPs, but in this case, there is a catch.  Here's how the current app access works. Users type appname.subdomain.domain and they are redirected to real server <IP>:<PORT>/extra/login/page.html?client=100. The string 100 is used by the app team to refer exactly what environment will respond to this request. There are four apps, they all have the same real server and what changes is the client code, like this <IP>:<PORT>/extra/login/page.html?client=<CODE>. My concern is: how do I translate HTTP to HTTPS in this case? I am building a script to create a new Content Switching server/policy/action that points to new Virtual Server. Is there any other way to do this?


Link to comment
Share on other sites

What determines which <code> you insert into the redirect string? 

Policy engine can do this, but depending on whether we can do it programattically using one policy or whether you need a specific code per app, may affect your results.


So 1) use a responder policy. 2) Then depending on your exact requirements we can modify for a more specific example. 

But here are a few things to help you get started.


Example 1:  Basic ssl redirect that can be bound to multiple vservers, but doesn't include your  app specific code insertion.

# Just showing the responder action and not the policy expression or policy bind command

add responder action rs_act_sendtossl redirect '"https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE'

Example 2:  A more targetted responder policy(ies) that could be used with specific app redirects. In this case specific policies for specific vservers

Based on your example:  Also, specific assumption is that you will be hard-coding the port into the URL.  With more information we could tailor this to more dynamically handle the port and code insertions.   Your base URL:  <IP>:<PORT>/extra/login/page.html?client=<CODE>


# AppA - to insert port, while preserving original path & query string

add responder action rs_act_sendtossl_appA redirect '"https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE +":<PORT>" + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE'

# AppA - with your custom path & query string

add responder action rs_act_sendtossl_appA2 redirect '"https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE +":<PORT>" + "/extra/login/page.html?client=<code>"'

# AppB - to insert port, while preserving original path & query string

add responder action rs_act_sendtossl_appB redirect '"https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE +":<PORT>" + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE'

# AppB - with your custom path & query string

add responder action rs_act_sendtossl_appB2 redirect '"https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE +":<PORT>" + "/extra/login/page.html?client=<code>"'



With a few more details, about the redirect scenarios you need and what determines the port and app code, a string map might be able to be used instead and you can hard-code the values. The exact policy expressions required, would also determine whether you are only redirecting a specific request (the first time access) or redirecting any/all https requests to https.


But this should help you get started.




Edited by Rhonda Rowland
fixed policy names; copy/paste error
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...