Jump to content
Welcome to our new Citrix community!

Netscaler Responder/Rewrite policy assistance


Recommended Posts

Good day everyone.

 

I was hoping someone might be able to lend me a hand.  Unfortunately I'm not the best at these expressions.

 

Full disclaimer I am unsure if I should be using a responder or rewrite policy in this instance.

 

I have users attempting to visit the following URL:

 

https://www.domain.com/CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400010+CNT_ID=B78E348C2BFCBA4AB2297AB081F8A55E+CNTXT_PERSID=cr:1180820+MSG_DIGEST=G6clb4SM0csYhOfVUH!Ji1oP73L2HVNwHmGo8qQwfzyLsSrPrN!vF5qNKoMKBB83ZO1AxMD26BE=

 

What I need to do is append port :8443 to the URL, ONLY if the initial URL contains "OP=DO_SURVEY" in the URL.  Everything else I need to stay the same.

 

https://www.domain.com:8443/CAisd/pdmweb.exe?OP=DO_SURVEY+SVY_ID=400010+CNT_ID=B78E348C2BFCBA4AB2297AB081F8A55E+CNTXT_PERSID=cr:1180820+MSG_DIGEST=G6clb4SM0csYhOfVUH!Ji1oP73L2HVNwHmGo8qQwfzyLsSrPrN!vF5qNKoMKBB83ZO1AxMD26BE=

 

If someone could take the time to lend me a hand, I would greatly appreciate it!  Been struggling with this one.

 

 

Link to comment
Share on other sites

You're probably looking for content switching.

 

Create an additional LB vServer that has services on port 8443 instead of 443.

 

Create a Content Switching vServer. Bind a Content Switching policy with expression HTTP.REQ.URL.CONTAINS("OP=DO_SURVEY") and send that traffic to the 8443 LB vServer. Then set the Default Load Balancing vServer for the Content Switch to the 443 LB vServer.

  • Like 2
Link to comment
Share on other sites

Thats where it gets a bit tricky in my mind, again excuse me for my lack of knowledge here.

 

This application has a content switching vserver for 443 and 8443 already.  

 

I already direct the traffic to 443 and 8443 using a simple content switching policy of: REQ.HTTP.HEADER Host CONTAINS www.domain.com

 

I cannot disrupt the flow of traffic as it stands, thats why i was looking at attaching a rewrite or responder policy to the 443 rule if OP=DO_SURVEY was in the URL.

 

Does that make sense, if not I would be happy to clarify where needed.

 

 

Link to comment
Share on other sites

If you look inside an HTTP packet you won't see the port number anywhere. The port number in the URL tells the browser what port number to use to connect to the web server. Then the browser creates a HTTP packet without the port number.

 

On ADC, you need to do similar. Basically if the URL matches your text, then send it to the 8443 listener. If the URL does not match the text, then send it to the 443 listener. There's no need to change anything in the HTTP packet.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...