Jump to content
Welcome to our new Citrix community!

Reverse proxy only allowed URLs

Recommended Posts



I made a reverse proxy for 2 internal website, but people can add their own websites. We would only allow the sites we add.

I found out that I have to make a responder policy, but would also like to use a Pattern Set to make it readable when we add more sites.


We are adding the following sites: Website1.domain.local and website2.domain.com


can somebody help me to get this working, I'm new to responder policies and pattern sets.





Link to comment
Share on other sites

add policy patset ps_allowedfqdns
bind policy patset ps_allowedfqdns website1.domain.local

bind policy patset ps_allowedfqdns website2.domain.lcom


add responder policy rs_pol_block_notallowed_byps "!HTTP.REQ.HEADER("host").set_text_mode(ignorecase).equals_any("ps_allowedfqdns") DROP


Expression might be eq_any() vs equals_any(), but any of the "any" operators take a pattern set or data set as a parameter:  startswith_any, contains_any, etc....


Depending on whether you are doing host filters or path filters, things can be setup differently. I chose a responder drop action, but you can use reset or redirect as well.


patternsets are index tables; if you don't specify an index they will autoindex.  stringmaps are hash tables with key-value pairs, which can be used for more advanced scenarios.



  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...