Jump to content
Welcome to our new Citrix community!

Netscaler Rewrite Not Working (really, and have gotten them to work before... lol)


Recommended Posts

I always hate trying to get rewrites to work, they look and sound great, but often just seem more trouble than they are worth (whew, for the Citrix guys when my management starts looking for cloud alternatives even though the NS is awesome).

 

It might be a little TL;dr, but I have done this successfully before, researched the heck out of it again, and perhaps some of the background matters.

 

Here is the task/ background for the settings that follow

 

We have to test a web site. But they dont't want to go through the production domain. Is it a vhost on a server.  So they want to go through a different DNS. So far ok. (for some reason, the owner of the app wont let us touch the vhost settings. I think he is shy from that pov). It's why it is called work and the users of the sites there are sensitive to any kind of disruptions.

 

prod.real.domain.com

test.this.domain.com

 

(for accuracy, identical number of subdomains)

SSL Offload, so HTTPS in front to the NS, Port 80 behind.

Rewrite checked in settings.

Compression turned off.

 

So i need to rewrite the header on the way in so the server "knows" what domain I want to be.

 

Request. Rewite

1) Delete Host Header: test.this.domain.com

2) Add Host Header: prod.real.domain.com

 

Works. Content comes back without a problem.

 

The issue now is the response rewrite. There is only one response rewrite (there is a global remove some headers ones. But not content, headers. x-powered-by, etc)

 

Ideally, in a browser, viewing source we should see test.this.domain.com so when the user clicks it goes through the test DNS.

Nope. Not text not search not pattern

 

So I simplified the rewrite to single word on the page, search for London, replace with France for example.

 

Nope. Using wget and curl to ensre I am not looking at some JS dynamic generation of content.

 

What did I screw up? (presumption of guilt here, several iteration, through GUI or CLI))

(wouldn't it be kewl if citrix added NS to syntax highlighting dropdown?)

 

add rewrite action rw-act-delete-hostheader-act delete_http_header Host
add rewrite action rw-act-add-hostheader-medlondon-act insert_http_header Host "\"test.this.domain.com\""


# Both NEXT and END have failed
bind lb vserver "WAF TEST" -policyName rw-body-pol -priority 100 -gotoPriorityExpression END -type RESPONSE
add rewrite policy rw-body-pol True rw-body-act
# London is intial cap btw
add rewrite action rw-body-act replace_all "HTTP.RES.BODY(HTTP.RES.CONTENT_LENGTH)" "\"Paris\"" -search "text(\"London\")"

 

 

 

 

 

 

 

Edited by aangelop
Link to comment
Share on other sites

I didn't get the notification on this, sorry for the delayed reply. I follow up and dig.

 

For rewrites, on that VIP. No.

 

There are global rewrites, wrapped in a policy label, I will check. (and thought I did, but we all see things we would like to see rather than are there in IT, no?)

 

 

No joy, the label is NEXT

 

image.thumb.png.2c0c601ee33ae63a92858a84d934b598.png

Link to comment
Share on other sites

IMO, the default setting for the -gotoPriorityExpression should be NEXT and not END.

There are so few instances where you would not want to continue evaluation, and it's too easy to mess up this way.

One last thing you may want to try is to see if the policy is even being hit.

If you open a PuTTY session, and shell out the following will show you all the policies as they are being hit:

 

> shell

 

> nsconmsg -d current  -g   _hits

Link to comment
Share on other sites

Yeah, it is getting hit, and the two others I mentioned as well (host headers ones). Those two are working....

 

  Index   rtime totalcount-val      delta rate/sec symbol-name&device-no
     36       0           8826          1        0 pcp_hits rewrite(Delete-Host-Header-pol)
     37       0           8814          1        0 pcp_hits rewrite(rw-pol-Add_Host_Header)
     38       0           8773          1        0 pcp_hits rewrite(rw-body-pol)

 

Link to comment
Share on other sites

Your problem is a simple one: The content you're searching for is simply not there.

If you allow server side compression, the server will reply compressed. The Citrix ADC can't see the word London, even if the term appears on ten browser. Because a compressed London is not London.

Turn on HTTP compression featture and disable server side compression globally.

 

Cheers and greetings

 

Johannes Norz @Citrix_ADC
visit my blog https://blog.norz.at

serversideCompression.PNG

Edited by Johannes Norz
image attached
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...