Jump to content
Welcome to our new Citrix community!

Domain Rewrite Policy

Nick Hartman

Recommended Posts

Im following this information https://www.uncon.net/test.html on setting up a rewrite policy to gather domain information when using a DOMAIN\sAMAccountName.


The policy's are as follows:

add rewrite action domain_extract_act insert_after "HTTP.RES.BODY(1024).REGEX_SELECT(re/function ns_check\\(\\).*return false;\\W*}/)" "\"\n\tvar domain = login.replace(/\\\\\\\\.*/, \\\"\\\");\n\tvar expiry = new Date(+new Date + 7200000); // +2 hours\n\tdocument.cookie = \\\"Domain=\\\" + escape(domain) + \\\"; path=/; expires=\\\" + expiry.toGMTString();\"" -bypassSafetyCheck YES


add rewrite policy domain_extract_pol "HTTP.REQ.URL.PATH.ENDSWITH(\"vpn/login.js\")" domain_extract_act 



I cant seem to get it to work, i have the policy's setup and bound but when i use REQ.HTTP.HEADER Cookie CONTAINS Domain=MyDomain in my expression string of my session policy it does not find the domain thus pushing me to a JRE doesnt exist page due after passing Radius Auth with Microsoft MFA.


My NetScaler is NS11.1 44.13.nc

I am using Radius Auth with Microsoft MFA with a LB NPS server set


Can anyone clue me in to what may be missing in this equation? I am trying to use a different session policy per domain to auth to the SFS after 2factor auth via Microsoft MFA


Link to comment
Share on other sites

  • 3 weeks later...

Looking at that link it doesn't specify what version it was used for, and sometimes the expressions and functionality vary between major firmware versions.


What might be useful is to better understand what your goal is, in the event we can figure out if this is the right approach or if this might be a better way.


I should also point out your firmware is severely out of date and subject to numerous security vulnerabilities. Suggest upgrading to the latest 11.1 or 12.1 maintenance build.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...