Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

frank_combopia1's avatar
frank_combopia1
Icon for Nimbostratus rankNimbostratus
Oct 25, 2006

Rewriting URLs for Citrix Secure Gateway

Rewriting URLs for Citrix Secure Gateway     One of our App teams wishes to deploy a Citrix-based environment using the Secure Gateway in a DMZ, behind two ltm1500s. The Secure Gateway servers w...
application delivery
dev
devops
irules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Oct 25, 2006
The only way I could see to do this is if you *are* doing SSL termination, because that is the only way to be able to manipulate headers within an iRule on a SSL connection. You do have the ability however to re-encrypt before sending it to your pool using ServerSSL profiles. It would be up to you to determine whether that meets the requirement of "no SSL termination" though.

So you would have something similar to this:


when HTTP_REQUEST {
  if { [HTTP::host] contains "company.com" } {
   HTTP::header replace Host [www.new-app.com]
 }
}

But, an additional problem is that you can only put one cert on a virtual server, so unless you use a wildcard cert to begin with, you will have to have 2 separate virtual servers, with DNS entries pointing www.new-app.site.company.com to one and www.new-app.com to the other, otherwise you will get a cert warning on one of them if you try to connect both to the same virtual.

Denny