Jump to content
Welcome to our new Citrix community!

EZproxy issue with Netscaler MPX8005


julie xu

Recommended Posts

HI, 

 

I have a EZproxy server behind the Netscaler.  and I configured it as SSL-Bridge, server is setuped to use https.

 

I guess my configuration maybe wrong, because the EZproxy is web proxy, and ADC (my netscaler) is a proxy also. 

 

Now, there is an issue, that is "EXproxy profile has been chopped off", it suppose to be https://ezproxy.xxx.xxx/xxxx=https://othersite.xxx.xxx.   the fist part is losed.

 

client test the same configuration on an server (who is not behind netscaler) is ok.

 

Please advise how to configure an VIP which talk to another proxy server?

 

Many comment will be apprecated

 

Thanks in advance

 

Regards

 

Julie

 

 

Link to comment
Share on other sites

I did not understand the question.

 

So you created a SSL bridge, pointing to a proxy server. A SSL bridge does not "see" URLs, so it can't change. The only thing a SSL bridge will "see" are the packets used to establish the SSL session. Everything after creating the session is encrypted and therefore invisible to the ADC (NetScaler).

 

BUT: You talk about a server set us as https. This confused me. If you do a SSL bridge, both, vServer and service have to be SSL-Bridge.

I guess, you want to load-balance your proxies, don't you? So the lb-vServer has to use persistence, probably based on src-ip or src/dst-ip. SSL session ID does not make sense, as most browsers use several sessions.

You may want to use SIP-mode, if your proxy needs to see client's IP. in cese, the ADC has to be the default gateway for the proxy server.

 

Greetings

 

Johannes Norz

CTA, CCI, CCE-N

Link to comment
Share on other sites

  • 3 weeks later...

Hi, Johannes  

 

I have finally stop using ssl-bridge, setup SSL for the web. But, for some reason, the server insisted inform client to use http? 

 

I should use rewrite or responder to redirect traffic to use https? change the traffic from http://hostname/full-pass to https://hostname/full-pass?

 

if so, how do I write the Regex?

 

Please advise

 

Many Thanks

 

Julie

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...