Jump to content
Welcome to our new Citrix community!

Reverse proxy only allowed URLs


Recommended Posts

Hi,

 

I made a reverse proxy for 2 internal website, but people can add their own websites. We would only allow the sites we add.

I found out that I have to make a responder policy, but would also like to use a Pattern Set to make it readable when we add more sites.

 

We are adding the following sites: Website1.domain.local and website2.domain.com

 

can somebody help me to get this working, I'm new to responder policies and pattern sets.

 

Regards,

 

Sjoerd

Link to comment
Share on other sites

add policy patset ps_allowedfqdns
bind policy patset ps_allowedfqdns website1.domain.local

bind policy patset ps_allowedfqdns website2.domain.lcom

 

add responder policy rs_pol_block_notallowed_byps "!HTTP.REQ.HEADER("host").set_text_mode(ignorecase).equals_any("ps_allowedfqdns") DROP

 

Expression might be eq_any() vs equals_any(), but any of the "any" operators take a pattern set or data set as a parameter:  startswith_any, contains_any, etc....

 

Depending on whether you are doing host filters or path filters, things can be setup differently. I chose a responder drop action, but you can use reset or redirect as well.

 

patternsets are index tables; if you don't specify an index they will autoindex.  stringmaps are hash tables with key-value pairs, which can be used for more advanced scenarios.

 


 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...