Pages

Friday, June 16, 2017

Configuring a Citrix NetScaler Responder Policy and Action to redirect traffic to another URL based on source IP

I’ve been asked several times in the past about how to configure a NetScaler virtual load balancing server to redirect traffic to another URL based on the incoming source IP address so this post serves to demonstrate the process.

Step #1 – Create the Responder Action

Begin by navigating to AppExpert > Responder > Actions and click the Add button to create the responder action to execute when a policy is met:

image

In the Create Responder Action window, fill in the following fields as required:

Name: A name that represents the redirect – Redirect_USA_Subnets_Action

Type: Redirect

Expression: Enter the URL you would like to redirect requests to with quotes – “https://www.someURL.com”

Response Status Code: 302

image

Step #2 – Create the Responder Policy

Navigate to AppExpert > Responder > Policies and click the Add button to create the responder police that will execute the action that was previously created when a requirement is met:

image

In the Create Responder Policy window, fill in the following fields as required:

Name: A name that represents the redirect – Redirect_USA_Subnets_Action

Action: The previous action created – Redirect_USA_Subnets_Action

Expression: Enter the required IP address or subnet with the expressions:

CLIENT.IP.SRC.EQ(x.x.x.x) || CLIENT.IP.SRC.IN_SUBNET(x.x.x.0/24)

An example of would be:

CLIENT.IP.SRC.EQ(10.43.3.136) || CLIENT.IP.SRC.IN_SUBNET(162.221.215.0/24) || CLIENT.IP.SRC.IN_SUBNET(195.130.217.0/24) || CLIENT.IP.SRC.IN_SUBNET(91.220.42.0/24) || CLIENT.IP.SRC.IN_SUBNET(185.58.84.0/22)

image

Step #3 – Assign Responder Policy to Virtual Server

Navigate to Traffic Management > Load Balancing > Virtual Servers and edit the properties of the virtual server you would like to redirect traffic based on incoming source IP address:

image

If there are already policies assigned, scroll down to the Policies section and click on the + button or if there are no policies applied then click on the Policies button listed on the right side of the page to add a new policy:

image

Configure the following and click Continue:

Choose Policy: Responder

Choose Type: Request

image

In the Choose Type options window, click on Click to select under Select Policy:

image

Select the Responder Policy that was created earlier:

image

Click on the Bind button to bind the policy to the virtual server:

image

Save the configuration by clicking on the Done button:

image

The NetScaler will now redirect any traffic coming in for the specified IPs to the alternate URL.

No comments: