tarma_58716
Jan 08, 2015

iRule asm-vip target apm-vip

Hi all, we need to secure an APM portal facing the internet with ASM. To do that we have created two VS, one facing the internet (ASM-VS) and an internal VS (APM-VS). On the ASM-VS I've created an iRule which sends all requests to the APM VS, like this:

    when HTTP_REQUEST {
     virtual my-apm-vs
    }

This is working well when I have a portal access or web application on APM. But when I have a remote desktop like Citrix, it's not working. I think this is because ICA traffic is not HTTP, so maybe I need to disable HTTP processing for the ICA flow. This issue should be the same if we use network access. If the HTTP profile is disabled, ASM should not work. Any idea on this, please? What can I do to make Citrix remote desktop work when using a VIP-targeting-VIP iRule with ASM and APM? Thanks in advance.

 

3 Replies

  • Hello,

    You should write an iRule to collect and parse the SSL flow from the first VIP and find out whether it contains HTTP; otherwise you have to disable ASM and HTTP processing.

    I have done this a few times to allow Citrix and RDP content and it works fine.

  • Hello,

    By adding something similar, you will be able to handle Citrix and RDP tunnels:

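    when CLIENT_ACCEPTED {
     # Send every connection on this virtual server to the internal one
     virtual /Common/VS_Myvs
    }
    when CLIENTSSL_HANDSHAKE {
     # Start collecting decrypted payload once the SSL handshake is done
     SSL::collect
    }
    when CLIENTSSL_DATA {
     # First line of the decrypted payload, up to the first CRLF
     set firstline [SSL::payload 0 [string first \r\n [SSL::payload]]]
     # No "HTTP" on the first line: treat the flow as a tunnel
     if { !($firstline contains "HTTP") } {
      HTTP::disable
      ASM::disable
     }
     # Hand the collected data back for normal processing
     SSL::release
    }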
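
The first-line test used in the replies above, written as a stand-alone Tcl procedure that also covers the case where no CRLF has been collected yet and the case where a non-HTTP line merely contains the letters "HTTP". This is an added example, not part of the thread and not F5 code: `classify_first_record` is a hypothetical helper name, the sample payloads are constructed, and mapping each result to `HTTP::disable` / `ASM::disable` is left to the iRule.

```tcl
# Added example, not from the thread. Plain Tcl; no BIG-IP commands are used.
# classify_first_record is a hypothetical helper name.
# Returns:
#   http        first line is a well-formed HTTP/1.x request line
#   incomplete  no CRLF yet, but everything so far is printable ASCII
#   other       anything else (binary or non-HTTP text)
proc classify_first_record {payload} {
    set eol [string first "\r\n" $payload]
    if {$eol < 0} {
        # No complete line collected. string first returned -1, so do not
        # use it as a length; decide from the bytes seen so far.
        if {[regexp {^[ -~]*$} $payload]} {
            return incomplete
        }
        return other
    }
    set firstline [string range $payload 0 [expr {$eol - 1}]]
    # METHOD SP request-target SP HTTP/1.0|1.1, anchored at both ends, so a
    # line that merely contains the letters "HTTP" does not qualify.
    if {[regexp {^[A-Z]+ [!-~]+ HTTP/1\.[01]$} $firstline]} {
        return http
    }
    return other
}

# Constructed sample payloads (label, bytes).
set samples [list \
    "request line"   "GET /index.html HTTP/1.1\r\nHost: portal.example.com\r\n\r\n" \
    "partial line"   "GET /index.ht" \
    "text with HTTP" "HELLO HTTP-like banner\r\n" \
    "binary"         [binary format H* "0300001300e0000000000000"] ]

foreach {label bytes} $samples {
    puts [format "%-15s -> %s" $label [classify_first_record $bytes]]
}
```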