Jump to content


Photo

NetScaler smartaccess not rewriting URL with CVPN

Started by Kenneth Hjelm , 09 June 2015 - 12:59 PM
8 replies to this topic

Kenneth Hjelm Members

Kenneth Hjelm
  • 20 posts

Posted 09 June 2015 - 12:59 PM

Hi.

 

Searched through the forum and found a couple of similar posts with the same problem but none with a solution. 

 

Running NetScaler VPX 200 - NS10.5 53.9.

Its looks like a pretty simple problem (bug?) when accessing WEB bookmark through Clientless access portal. The portal is set up with single sign-on and the internal domain entered in "allowed domains" in the clientless access profile.
The bookmark works fine with single sign-on and displays the correct web page, just like accessing it internally not through NetScaler. URL rewrite works fine and ads /cvpn/<webserver FQDN>/ to the URL. So far, so good.

But every link on the first page wont get rewritten with /cvpn/<webserver FQDN>/ so all links gets a 404 error. If i manually add the /cvpn/<webserver FQDN>/ to the URL afterwards it works.

 

Anyone know how i can get the NetScaler to rewrite all links on the page? Do i have to manually create a re-write policy to add this to all links? Isn't this suppose to work on the links since the first page displays correct? All links are on the same webserver as the bookmark.

 

 

 

 

Kenneth

 



Jonathan Clark Members

Jonathan Clark
  • 106 posts

Posted 10 June 2015 - 03:46 PM

Do you have a true policy enabled to disable URL rewrite?  I have seen this happen in Storefront environments when you need to disable cvpn on some items and people just create a true policy. 

 

Alternatively you can create a pretty generic body rewrite that inserts the CVPN tag.  That tag never changes unless you create a new vServer so you can do a generic search for the URL and then insert the /cvpn/tag as needed.



Kenneth Hjelm Members

Kenneth Hjelm
  • 20 posts

Posted 12 June 2015 - 06:23 AM

Hi Jonathan and thanks for reply.

 

No, I dont have any other policies than the default wizard made policies. At least not that i'm aware of.

 

If i create a new body rewrite, wont the first URL get the /cvpn/tag twice? Or do you have an example of how I can create the policy correct?

 

 

 

Kenneth



Patrik Johansson Members

Patrik Johansson
  • 2 posts

Posted 06 October 2015 - 02:42 PM

Hi Kenneth,

 

I've go the same problem, did you get it working...



Kenneth Hjelm Members

Kenneth Hjelm
  • 20 posts

Posted 07 October 2015 - 12:47 PM

Sorry, no. The customer stopped using this web site shortly after so we didn't need to follow up on this issue.



Banin Adam Members

Banin Adam
  • 3 posts

Posted 09 February 2016 - 03:34 PM

im having the same issue and a netscaler newbie, can anyone point me in the direction of the command structure to create and bind a rewrite policy?

 

thanks



subramanyam gajula Members

subramanyam gajula
  • 16 posts

Posted 15 March 2017 - 01:43 PM

We are also facing the same issue. I have tried creating rewrite policies but non of them helped us to resolve the issue. Moreover, We are using Netscaler 11.1 build 48.

 

Any one has found the solution? Please update.



Paul Blitz Members

Paul Blitz
  • 3,695 posts

Posted 16 March 2017 - 04:13 PM

can you give some actual examples of the urls that aren't working? I'll then throw them at my netscaler and have a play....



subramanyam gajula Members

subramanyam gajula
  • 16 posts

Posted 28 March 2017 - 07:46 AM

Paul,

 

Whatever the URL you set it as home page doesn't open at first time. when you click refresh button, they will open immediately.

 

 

Here is the Secure Web log

 

==============================

 
Secure Web network policy is in Full VPN mode 
================
We are logged in, proceed as normal.
We are logged in, proceed as normal.
We are logged in, proceed as normal.
Using New Full VPN Procotol for this request: https://intranet.domain.local/Pages/home.aspx. nsurlsession: 0.
We are logged in, proceed as normal.
We are logged in, proceed as normal.
Network not available so will queue request.
Setting request timeout of 10.000000 seconds.
Setting keychain vault: CitrixMDXData5
CitrixMDXData5: Updating/syncing data.
Syncing data for container CitrixMDXData5 with sequence#: 88.
Getting user credentials.
Calling useCredential:forAuthenticationChallenge.
Exit.
Done sending URL request with status code: 200
Received App Data response from server with status code: 200
Received app data from AppC.
Parsing Mobile App XML data received from AppC...
==========================================
 
Using Secure Browse Protocol for this request: https://intranet.domain.local/Pages/home.aspx.
We are logged in, proceed as normal.
We are logged in, proceed as normal.
######### USING SECURE BROWSE PROTOCOL#########
Resolved gatewayDomain(mam.domain.local) to ip address (xxx.xxx.72.17)
Parsing config data
VPN config size = 262, version = 1, 6
TCP Proxy ready
DNS Proxy ready
AG Server (mam.domain.local) version: 11.1.48.10
-[AGHeartbeatManager initWithAGDomain:ipAddress:port:delegate:]: domain=mam.domain.local, delegate=<AGEEProtocol: 0x100d23990>, addr=xxx.xxx.72.17, port=443
AGTunneler created successfully.
Network not available so will queue request.
Stopping inactivity timer
Scheduled inactivity timer (21600.000000)
Stopping inactivity timer
Scheduled inactivity timer (21600.000000)

==========================================




Also tagged with one or more of these keywords: cvpn, smartaccess, url rewrite