Mixed Content warnings when using SSL Offloading? Use the NetScaler Rewrite Policies…

Citrix NetScaler is one of the most advanced and impressive products that I used throughout the past 5 years. Started with the configuration of the NetScaler Access Gateway, and ended up with all the advanced features, such as URL Rewrite, Content Switching (CSW), Global Server Load Balancing (GSLB) and URL transformations.

(I’m also advice you to take a look at GSLB, I’ll already covered this feature earlier in a CUCG User Share Webinar, together with Fellow NSIG leaders Dave Brett and Carsten Bruns).

When u setup the following scenario… SSL Offloading and the Web Application and / or service requires the transformation of the internal HTTP Protocol to a Secure HTTPS connection on the outside and experience problems with the URL transformation. For example, the application doesn’t show the right redirections, and it still places http:// in front of some of the links. To solve this problem, you’ll need to active Rewrite Actions, which will translate all the SSL Offloading HTTPS requests back to HTTP in the header. At this moment, the Web Application will know his way and will proceed working properly.

In this article, I’ll show you how you can configure URL Rewrite / Responder Policies to make sure that your Web Application continues working after activating SSL Offloading, when the back-end is listening on the HTTP Protocol.



Errors without URL Rewrite activated

The following error can return, when u activated SSL Offloading without using URL Rewrite policies…

And the following errors can return in the Developer Tools

Solve this Mixed Content error by proceeding the steps below.

URL Rewrite configuration steps

Perform the following steps to use the rewrite feature to replace occurrences of http:// with https:// in the body of an HTTP response. At this way, the protocol transformation steps will be translated

Step 1: Create a Rewrite Action through the following command

add rewrite action httpRewriteAction replace_all http.res.body(50000) "\"https://\"" -pattern http://

Step 2: Aanmaken van rewrite policy

add rewrite policy httpRewritePolicy "http.res.body(50000).contains(\"http://\")" httpRewriteAction

Step 3: Bind the new Rewrite policy to the Virtual Server of the Web Application Server – as Response Rewrite Policy.

Note: Check the following Citrix Docs article for all the other Policies and Expressions possibilities that are available for NetScaler. https://docs.citrix.com/en-us/netscaler/11/appexpert/policies-and-expressions/ns-pi-summ-exmp-adv-expr-pol-wrapper-con.html

That’s it, I’ll hope this helps to solve your problem.


Christiaan Brinkhoff