XMS Cloud / NetScaler on-premise Secure Web Link issue

NetScaler Xenmobile

Working on a project to move Cloud NetScaler to on-premise for a customer, we had issue with Secure Web Link.

In fact, if you have this configuration (Cloud XMS, On-prem NetScaler) and you configure Web Link with for example the following URL:

http://www.domain.com

When you will open the Web Link the URL will be changed from http://www.domain.com to https://www.domain.com

This happen because SSL Redirect is configured on the Cloud NetScaler that provide access to XMS Cloud through Content Switching vServer.

It cannot be disabled, so what is the solution?

In fact 3 solutions exist:

  1. Create a whitelist for the URL
  2. Change weblink to https but if you need access to external URL that are not configured to support SSL it will not work
  3. Do not use Weblink but Favorites/Bookmark inside Secure Web

For option 1, a Citrix article exist and can be found here

For option 3, it’s the simplest to implement, however it will provide the Favorites/Bookmark to all users and it should not be what you want.

For option 1, if you decide to use it, here is the command to run on your NetScaler:

add policy patset xms_http_list

bind policy patset xms_http_list www.domain.com -index 1 -charset UTF_8

add rewrite action XMS_http_list_rw_action replace “http.RES.HEADER(\”Location\”).REGEX_SELECT(re!https!)” “\”http\””

add rewrite policy XMS_http_whitelist_rw “http.RES.HEADER(\”Location\”).CONTAINS_ANY(\”xms_http_list\”)” XMS_http_list_rw_action

And finally bind the Rewrite policy to your NetScaler Gateway

Note: Those information are provided based on my own experience.