NetScaler Policies – Simplifies Client-IP Insertion on Backend

An article by Abhilash Verma from Citrix Blogs

As the CDN networks and Secure Web Gateways grow in terms of practical usage, it becomes even more challenging to preserve the Client-IP throughout the path to the last leg. We get this question often. We addressed it directly in this 2012 blog post: (http://blogs.citrix.com/2012/08/31/using-tcp-options-for-client-ip-insertion/). What we did not cover was the actual implementation of this concept as how one can read the IP address from incoming TCP Options and insert it into the HTTP header going to backend server/app.

 

Using TCP Options To Insert Original Client-IP And Also Preserve It Through The Stream Has Become a Common Use Case

In most cases while NetScaler is deployed as reverse proxy, we sit close to the Server side on the network and hence we become the last proxy request passes through. At backend, it is required to get original Client-IP from logging, compliance and application perspective. Hence NetScaler becomes the logical place where you retrieve the IP from TCP options and insert it into the HTTP header going to the backend server/app. Here is an example of Rewrite policy/action which achieves the same for you.

Read More

Be Sociable, Share!
 

Tags: , ,

Comments

No comments so far.

  • Leave a Reply
     
    Your gravatar
    Your Name