Once again, In nowadays, Users are way too lazy ūüėČ and prefer to not enter https:// in front of the Access Gateway FQDN. Netscaler is the medicine for those users. In a previous post I showed how to make the HTTP-HTTPS-REDIRECTION working without the use of¬†the Content Switching Feature.
In this case, Let’s do this using the beautiful Content Switching feature.

Let’s suppose that we would like to redirect all HTTP requests comming to an access gateway with the URL “ssl.smali.net” to HTTPS.

This is what we need:

1. AppExpert – Pattern Set
2. Responder Action
3. Responder Policy
4. Content Switching vServer

So, Let’s start configuring this thing¬†ūüôā

1. We are going to define the domain name or all the FQDNs available on smali.net domain that the AGEE respond to. To make it simple let’s go with the Domain Name.
So, Logon to your Netscaler, hosting the Access Gateway vServer, and hit the AppExpert node and create a new Pattern Set and enter the domain name or just specify all FQDNs you would like to be redirected to HTTPS (It’s up to you, do whatever you are confortable with)…


2. Create a responder action with permanent redirection (301 response).


“HTTP/1.1 301 Moved Permanently\r\nLocation: https://” + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + “/\r\n\r\n”

Attention: I specified a 301 redirect in the responder¬†action to make¬†sure any search engine spiders index my site URL as “https://www.sitename.com” and not as “http://www.sitename.com” for SEO purposes.

3. Create a responder policy using an expression to call for the “Pattern Set” we created in first step, and bind it to the “action” you created on previous step.



4. Create a Content Switching vServer using HTTP protocol and link the responder policy to it. Of course you need to assign the same IP as the one you are using on your Access Gateway vServer. In this case I suppose your Access Gateway vServer is configured to listen to SSL traffic on port (443).
Note! If your Access Gateway vServer is configured on a non standard SSL port, (Meaning a custom port like 444, or whatever it is), then you need to configure an additional content switch vServer listenning to that custom port. Beside that a new responder (action & policy) need to be configured to redirect the SSL 443 traffic to the custom port in question.



That’s it ūüėČ


Storefront – Receiver For Web scenario

Let’s suppose we have the following Storefront data to work with:
Base URL: https://storefront.smali.net
Store Name: App Store
The above data results in a receiver for web url such as: https://storefront.smali.net/Citrix/AppStoreWeb

So¬†let’s configure the responder policies to redirect all “http://storefront.smali.net” requests to “https://storefront.smali.net/Citrix/AppStoreWeb”

To accomplish this we need two responder policies in place:
1. “HTTP to HTTPS redirection”¬†to be¬†bound to¬†(load balancing vserver¬†or¬†contentswitch vserver)¬†¬†on port 80
2. “Redirection to /Citrix/AppStoreWeb” to be bound to (load balancing vserver¬†or¬†contentswitch vserver) on port¬†443


HTTP to HTTPS redirection action:¬†Assign a name to the responder action, choose “Redirect” as type, and finally the following expression and click OK:


HTTP to HTTPS redirection Policy: Give it a name, choose the action you just created and enter the following expression (use url to your storefront base url)


Now bind the policy to your Storefront load balancing vserver or contentswitch vserver on port 80

Redirection to /Citrix/AppStoreWeb action: Give it a name, type “Redirect”¬†and the following expression (/Citrix/Your StoreNameWeb):


Redirection to /Citrix/AppStoreWeb policy: Give it a name, Choose the action you just created and the following expression:

HTTP.REQ.HOSTNAME.STARTSWITH(“storefront.smali.net”) && HTTP.REQ.URL.EQ(“/”)

Now bind the policy to your Storefront load balancing vserver or contentswitch vserver on port 443