Thursday, May 5, 2016

Using Citrix NetScaler Rewrite Action and Policy to prevent the Location HTTP header from exposing internal IP addresses

I was recently asked by a client to fix an issue with their Exchange 2013 Outlook Web Access webpage: an HTTP request to the site would expose the internal IP address of the Client Access Server in the Location HTTP header, as shown in the following test performed with Nmap's ncat:

ncat 80
GET / HTTP/1.0

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 05 May 2016 00:08:13 GMT
Connection: close
Content-Length: 0


The client referenced the following Microsoft KB but the article references an older version of IIS:

After researching the issue and not finding a way to correct this in IIS, I decided to use the Citrix NetScaler load balancer, which we were already using to publish OWA, to rewrite the header so that it uses the FQDN. The following are the steps required.

Begin by creating a new Rewrite Action with the following configuration:

Name: act_location_header


Expression to choose target location: HTTP.RES.HEADER("Location")

Expression to Replace with:


Once the Rewrite Action is created, proceed with creating a Rewrite Policy with the following configuration:

Name: pol_location_header
Action: act_location_header
Undefined-Result Action: -Global-undefined-result-action-
Expression: true


With the Rewrite Policy created, proceed with assigning it to the HTTP (not HTTPS) OWA Load Balancing Virtual Server that serves to redirect user requests to HTTPS:


Choose Policy: Rewrite
Choose Type: Response


Select the pol_location_header Rewrite policy:


Leave the rest of the settings as default and click on the Bind button:


Redoing the test will now show the Location header replaced with the FQDN:
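
A scripted version of this before-and-after check, added here as an example and not part of the original post: it parses a raw HTTP response and reports any non-public IP literal found in the Location header. The sample responses, the address 10.1.20.15 and the name mail.example.com are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the original post).
BEFORE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "Location: https://10.1.20.15/owa/\r\n"
    "Content-Length: 0\r\n\r\n"
)
AFTER = BEFORE.replace("10.1.20.15", "mail.example.com")


def header_values(raw, name):
    """Return every value of header `name` (case-insensitive) in a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:          # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values


def leaked_addresses(raw):
    """Return IP literals in Location headers that are not publicly routable."""
    leaks = []
    for value in header_values(raw, "Location"):
        try:
            host = urlsplit(value).hostname    # None for relative redirects
            addr = ipaddress.ip_address(host or "")
        except ValueError:
            continue                           # DNS name, relative or malformed URL
        if not addr.is_global:                 # private, loopback, link-local, ...
            leaks.append(str(addr))
    return leaks


def probe(host, port=80, timeout=5):
    """Send the same request as the ncat test (HTTP/1.0, no Host header)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data.decode("iso-8859-1")
```

Running `leaked_addresses(probe(...))` against the HTTP virtual server before and after binding the policy should go from a list containing the internal address to an empty list.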

