Jump to content
Welcome to our new Citrix community!

OWA http to https rewrite

Recommended Posts

Need to create some port of rewrite/redirect action & policy for OWA http to https. Currently using citrix adc sdx v13.


Under Responder and policies I have HTTP.REQ.IS_VALID and for action I have "https://" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE.


Is there anything else I am missing? Do I need to create a Rewrite also?

Link to comment
Share on other sites

if it is just OWA http to https



add lbvserver lbvip2 SSL 443 -redirectFromPort 80  -httpsRedirectUrl https://www.example.com`


Configure HTTP to HTTPS redirect by using the GUI

Navigate to Traffic Management > Load Balancing > Virtual Servers.

Add a virtual server of type SSL and click OK.

Edit Basic Settings, click More, and add values for Redirect From Port and HTTPS Redirect URL.







  • Like 1
Link to comment
Share on other sites

Either the policy or the built in redirect to the ssl vserver can be used. 

REsponder policies can be more flexible. I usually rename my vserver to _w80 to remind myself I'm tying up that port on this IP as well, when using the builtin redirect url from port...but remember this is only available on an SSL lb vserver and not via a CS vserver, so then you are back to responder policies again if you are using CS for exchange.


If you just want to take an originating request from http://<some fqdn>/<some pathquery> to https://<same stuff> then the policy you have above is fine and should be bound to an HTTP:80 vserver.


If you need to redirect any request from http://<somefqdn>/  to https://<somefqdn>/owa  then you would need one more responder policy to deal with where url exactly equals "/".


The only thing you need to do is create a lb vserver on HTTP:80 with a dummary service in an UP state (disable health monitoring) and bind the responder policy to it. It will respond to your port 80 requests and redirect to the HTTPS/SSL vserver. 


A responder policy redirect user by sending them a 301/302 redirect response. User now makes new request to new destination, which makes the client to vserver communication SSL to new destination.


Rewrite changes the request the client sends the netscaler, between the netscaler and the server...so the user never sees the change, but gets the results of it. Rewrite doesn't help with send to ssl scenarios (as the client has to make a new https request). IF you need to modify the path or other request elements server-side without the client being aware of the change, then you might use rewrite. But shouldn't be needed here.


Link to comment
Share on other sites

So this issue is happening with OWA on the netscaler dmz side. When outside users are trying to access our OWA page - <webpage> the page does not load. I enabled a redirect from port 80 to 443 under the Virtual Server and Basic Settings. I have edited my host file for testing with the outside public address of <webpage>. and then it loads but its showing the dmz address. We need it to hit <webpage>:443 from the outside.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...