NetScaler Policies – Simplifies Client-IP Insertion on Backend
As the CDN networks and Secure Web Gateways grow in terms of practical usage, it becomes even more challenging to preserve the Client-IP throughout the path to the last leg. We get this question often. We addressed it directly in this 2012 blog post: (http://blogs.citrix.com/2012/08/31/using-tcp-options-for-client-ip-insertion/). What we did not cover was the actual implementation of this concept as how one can read the IP address from incoming TCP Options and insert it into the HTTP header going to backend server/app.
Using TCP Options To Insert Original Client-IP And Also Preserve It Through The Stream Has Become a Common Use Case
In most cases while NetScaler is deployed as reverse proxy, we sit close to the Server side on the network and hence we become the last proxy request passes through. At backend, it is required to get original Client-IP from logging, compliance and application perspective. Hence NetScaler becomes the logical place where you retrieve the IP from TCP options and insert it into the HTTP header going to the backend server/app. Here is an example of Rewrite policy/action which achieves the same for you.