Kevin Papasoglou1709156704
Posted February 22, 2017

Hello community,

I've an issue with rewriting at clientless access for which I'd like to ask for your help.

First some facts:
NetScaler version: 11.1-51.26
License: VPX200 Ent

The situation:
In this deployment I'm using NetScaler Gateway with enabled clientless access to publish an internal website. This internal website is built on SharePoint with an additional front end.

The problem:
The CVPN engine of NetScaler Gateway seems to miss some URLs to rewrite or doesn't rewrite them correctly. In one particular case it forgets to include "/cvpn/https/..." at a link to a PDF document on the site.

The website's URL looks like the following:
https://host.example.intra/mysite/Pages/default.aspx

On the website there is, as mentioned before, a PDF document listed by the following element:

    (...)
    <div class="ms-vb itx" ctxname="ctx5" id="4" app="">
    <a class="ms-listlink ms-draggable" href="/mysite/directory_a/examplefile.pdf" (...)
    </a>
    </div>
    (...)

The issue with the href link is that if it's clicked it gets rewritten to
https://netscalergatewayFQDN/mysite/directory_a/examplefile.pdf
which should actually be
https://netscalergatewayFQDN/cvpn/https/host.example.intra/mysite/directory_a/examplefile.pdf

The HTTP response contains the following line which I guess is linked with this (I'm not a web developer though):

    "FileRef": "\u002fmysite\u002fdirectory_a\u002fexamplefile.pdf",

I thought I could trick it by creating an additional rewrite policy for that particular issue and bind it to the NetScaler Gateway for the response:

    add rewrite action rwa_pdf replace_all "HTTP.RES.BODY(1000000000).SET_TEXT_MODE(IGNORECASE)" q/"\"FileRef\": \"\\u002fcvpn\\u002fhttps\\u002fhost.example.intra\\u002fmysite"/ -pattern "\"FileRef\": \"\\u002fmysite\\"
    add rewrite policy rwp_pdf true rwa_pdf DROP
    bind vpn vserver netscalergateway -policy rwp_pdf -priority 100 -gotoPriorityExpression END -type RESPONSE

The issue now is that the policy gets a hit when the site is called but it doesn't rewrite anything. Even changing it to something very simple by rewriting only a single word to exclude issues with special characters, it took no effect. When I check the HTTP response the code is still the same as before.

Am I missing something? Maybe someone sees something in here.

Thank you in advance!

Sam Jacobs
Posted February 22, 2017

Did you include .example.intra in the list of clientlessaccess domains?

Kevin Papasoglou1709156704 (Author)
Posted February 22, 2017

Hello Sam,

Thanks for your reply. Yes, the domain of the site is listed in the allowed clientless access domains.

Kevin Papasoglou1709156704 (Author)
Posted February 23, 2017

Sorry for the double post but the previous one was somehow messed up, lost some information and I couldn't correct it.

In the meantime I also tried to trick it with a responder policy to redirect the client to the correct URL (see below). Unfortunately that doesn't work either. It still leads to https://netscalergatewayFQDN/mysite/directory_a/examplefile.pdf where NetScaler responds with "Http/1.1 Object Not Found". I also changed the policy expression to "true" but "nsconmsg -d current" shows no policy hits. At that point it looks like it doesn't even consider processing the bound policies but immediately responds with the error message.

I found a related post about this: http://discussions.citrix.com/topic/370970-question-url-11-object-not-found/

So there are two ideas but none of them works. :( Any further ideas?

    add responder action rpa_pdf redirect "\"https://\" + HTTP.REQ.HOSTNAME+ \"/cvpn/https/host.example.intra\" + HTTP.REQ.URL" -responseStatusCode 302
    add responder policy rpp_pdf "HTTP.REQ.URL.PATH.STARTSWITH(\"/mysite\") && HTTP.REQ.URL.PATH.CONTAINS(\".pdf\")" rpa_pdf DROP

NCOC ICT OPS
Posted June 19, 2018

Dear kpapaso136,

Did you find any solution for this case? We face the same situation: we see hits but no rewritten content in the response in UG.

Thanks!

Kevin Papasoglou1709156704 (Author)
Posted June 19, 2018

Dear ncoc-citrix-account,

Unfortunately I couldn't find a solution to this issue. Later on this configuration request was dropped and I did not investigate further on this, I'm sorry.

Good luck!

albert shi
Posted June 28, 2020

Hi Bro,

I have encountered similar problems; here are the reasons and solutions for your reference:

In general, in the CVPN scenario, NetScaler will overwrite the links referenced in JS and add the CVPN encrypted fields to the URL. NetScaler determines whether the response file is JavaScript through the content type. If the content type is incorrect or not standard, NetScaler will not convert the links in the JavaScript.

So please make sure all JavaScript files use “Application/x-javascript” as Content-Type in your web site. If they use “Application/javascript” or another type, please rewrite it to "application/x-javascript".

Good luck!

albert shi
Posted June 28, 2020

If the rewrite is not working, please remove the "Accept-Encoding" in the request headers.

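Added example, not part of any post in this thread: a small Python check for the symptoms discussed above, run over a response captured through the gateway. It flags a script Content-Type other than the one the last answer recommends, a compressed body (what removing Accept-Encoding from the request avoids), and root-relative links that lack the /cvpn/ prefix, including the \u002f-escaped "FileRef" form from the first post. The function names and sample data are constructed for illustration.

```python
import re

CVPN_PREFIX = "/cvpn/"                 # prefix seen in the thread's rewritten URLs
JS_TYPE = "application/x-javascript"   # type the thread's last answer recommends

# Constructed samples (not real captures): headers of a script response and a
# page body as they might arrive through the gateway.
SAMPLE_HEADERS = ("HTTP/1.1 200 OK\r\n"
                  "Content-Type: application/javascript; charset=utf-8\r\n"
                  "Content-Encoding: gzip\r\n\r\n")
SAMPLE_BODY = (
    '<a href="/cvpn/https/host.example.intra/mysite/Pages/default.aspx">home</a>\n'
    '<a class="ms-listlink" href="/mysite/directory_a/examplefile.pdf">pdf</a>\n'
    '"FileRef": "\\u002fmysite\\u002fdirectory_a\\u002fexamplefile.pdf",\n')

ATTR_RE = re.compile(r'''(?:href|src)\s*=\s*["']([^"']+)["']''', re.I)
ESC_RE = re.compile(r'"(\\u002f[^"]*)"', re.I)   # JSON string starting with \u002f


def header_findings(raw_headers):
    """Flag header values that the thread links to missed rewrites."""
    headers = {}
    for line in raw_headers.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if "javascript" in ctype and ctype != JS_TYPE:
        findings.append("script served as " + ctype)
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding != "identity":
        findings.append("body is " + encoding + " encoded")
    return findings


def unrewritten_links(body):
    """Return (form, path) for root-relative paths lacking the /cvpn/ prefix."""
    hits = [("attribute", m.group(1)) for m in ATTR_RE.finditer(body)]
    hits += [("escaped", re.sub(r"\\u002f", "/", m.group(1), flags=re.I))
             for m in ESC_RE.finditer(body)]
    return [(form, path) for form, path in hits
            if path.startswith("/") and not path.startswith("//")
            and not path.startswith(CVPN_PREFIX)]


if __name__ == "__main__":
    print(header_findings(SAMPLE_HEADERS))
    print(unrewritten_links(SAMPLE_BODY))
```
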