Posted 07 April 2017 - 08:45 PM
You got the header answer before I finished this.
Assuming the URLs are the gateway URLs, you've got an issue trying to use the URL path. (If it's not the gateway URL, then you may have options.) While policies based on URL contents are easy to evaluate, they don't work well in this scenario. Calls to the VPN vserver will drop custom paths and be replaced with the default gateway path: https://gateway.company.com/aaaweb becomes https://gateway.company.com/vpn/index.html.
So by the time you want to use the URL path to determine which session policy to apply, the path isn't present to evaluate.
As you saw, custom headers can be used instead. Also, the old domain drop-down list modification for the gateway logon page, shows how to insert a cookie and then evaluate this cookie to trigger which session policy you want. We've used that customization to direct traffic to specific stores, based on a drop down list on the gateway page. Instead of using it for domain selection in authentication we use it for store selection to trigger specific session policies. NOTE: this customization would have to be implemented slightly differently with the NS 11.x portal themes. But it would still be a manual customization outside of the theme handling.
The domain drop-down customization: https://support.citrix.com/article/CTX118657 (NS v10, 10.1 customization)
NetScaler 11.x version of the article: https://support.citrix.com/article/CTX203873 (NS v11.x)