Jump to content
Welcome to our new Citrix community!

Responder policy


Recommended Posts

I have a responder policy to redirect a clientless vpn url that doesn't get automatically rewritten by cvpn.  Although the responder policy successfully redirects the client during login the webserver tries to set some cookies which the responder policy is being used I just get an error from the web page that cookies are not enabled in my browser.

Link to comment
Share on other sites

instead of responder, you might need rewrite or a  new cvpn clientless rewrite feature.

 

Typically, cvpn is going to take traffic from client to vpn vip and vpn vip proxies to web service behind.

If you redirect to a new fqdn, then your not doing clientless anymore, but it may be impacted about whether users can or can't reach the destination specified.

 

Wehre as a a rewrite or clientless rewrite might change the request ns to destination and fix the original issue.

 

But without an example of the original cvpn issue and the responder you are using it is hard to suggest a fix.  If the original cvpn is the problem, I would try to fix that first; if you can use a redirect not via the gateway, then clientless vpn url was probably not the right solution up front.

 

But there's a lot that can't be diagnosed without some examples/details here. 

Link to comment
Share on other sites

Thanks for the response.  So for more detail I have a web application with a root folder /foo but the app also references another folder /foobar.  The bookmark is set to mywebapp/foo and CVPN rewrites /foo just fine but doesn't rewrite /foobar requests so they go directly the the unified gateway url (gateway.mycompany.com/foobar instead of gateway.mycompany.com/cvpn/https/foobar).  

 

The responder was able to redirect the requests to gateway.mycompany.com/cvpn/https/foobar but I was having a lot of issues still.

 

I'm trying a rewrite policy now and although the expression seems to match when I use the evaluate tool in the rewrite policy builder screen it doesn't ever match when I try the actual application.  

 

My thought was it should look something like:

 

HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS("/foobar") && !HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS("/cvpn/https/"

 

and then have an action that replaces the path with /cvpn/https/foobar.  

 

Hopefully all of that makes sense :) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...