Jump to content
Welcome to our new Citrix community!

Content switching reverse proxy

Sean Ritter

Recommended Posts

To date I have used Netscaler only in regards to storefront access so this is entirely new to me.  Firewall rules and certificate is all set.


I have a requirement to set up a single external URL to access multiple internal URLs like:

https://portal.company.com/mod is proxied to http://modserver.domain.com/ModSite/Login.aspx

https://portal.company.com/irtt is proxied to http://irttserver.domain.com/irttSite/Login.aspx


Also, hopefully the actual backend server names are hidden.


I know it has to do with LB Server and content switching, but I have had no success with trying what I have found searching so far.


Thanks for the help!


Link to comment
Share on other sites

You can achieve this by using Content Switching (CS) combined with rewrite. By default Netscaler will not change the hostname and will transparantly send you to the back end server.


Create the 1st Load Balancer (LB) -> LB_modserver

Create the 2nd LB  -> LB_irttserver

Create a single CS with a public IP -> CS_company.com

Create the 1st action -> cs_action_LB_modserver

Create the 2nd action -> cs_action_LB_irttserver

Create the 1st CS policy -> HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/mod\")" -action cs_action_LB_modserver

Create the 2nd CS policy -> HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/irtt\")" -action cs_action_LB_irttserver

Bind these CS policy to your CS vserver

Create the 1st rewrite action: add rewrite action mod_Act replace HTTP.REQ.URL "\"/ModSite/Login.aspx\""

Create the 1st rewrite policy: add rewrite policy rw_pol_mod "HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS(\"mod\")" mod_Act

Bind the policy to your LB_modserver


Repeat the process for your 2nd URL and replace the appropriate word accordinly.



Edited by Dany Demers
Corrected the rewrite
  • Like 1
Link to comment
Share on other sites

I'm back in need of a bit more help:

https://portal.company.com/mod is proxied to http://modserver.domain.com/ModSite/Login.aspx and is working great.


For the second URL, the internal site is using https that was wrong in my first example.  I am not sure if it makes a different how I set it up.

https://portal.company.com/irtt is proxied to https://irttserver.domain.com/account/login?ReturnUrl=%2f


It is returning Http/1.1 Service Unavailable.  I believe this may be because I don't have a SAN for irttserver.domain.com in the cert for portal.company.com?  I'm hoping someone can confirm before I request a new certificate.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...