Jump to content
Welcome to our new Citrix community!

can't bind a rewrite to SSL_BRIDGE VIP type


Recommended Posts

Scenario -

 

a.domain.com - SSL_BRIDGE VIP on one netscaler in DMZ

-bound service is the b.domain.com VIP

 

b.domain.com - SSL_BRIDGE VIP on a different netscaler on trusted network

-bound services are 3 linux web servers

 

I need to be able to change host header to appear to backend web servers as b.domain.com but can't bind a rewrite to SSL_BRIDGE VIP type...or maybe there is a better way to do this. I basically want to allow an internal site to be accessible from outside but at the HTTP level, appear to be from the DNS name of the internal VIP...and the backend breaks if I'm not using SSL_BRIDGE.

Link to comment
Share on other sites

By definition, with an SSL_BRIDGE vserver, the traffic IS NOT decrypted on the NetScaler and the NetScaler does not do SSL Termination, therefore it cannot do request or response modifications like rewrite.  Just basic load balancing and low-level filtering criteria with rseponder. No rewrite, cmp, or content switching is possible.

 

To do rewrites, you have to do SSL termination and your vserver/services have to be SSL/SSL or SSL/HTTP.

 

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...