ICA_ Patcher_iRule

Problem this snippet solves:

The ICAPatcher iRule intercepts .ica files served by Citrix Web Interface servers and patches them to add entries to point Citrix clients to the CitrixICAPatcher virtual server as their HTTPS Proxy. This also injects APM login credentials so there is no need for the Citrix client to request the user to authenticate to the proxy.

This iRule is part of the F5 Deployment Guide "Deploying the BIG-IP APM Secure Proxy with Citrix XenAPP" which can be found in Resources section of f5.com

Please see the deployment guide for full instructions on how to install, use and configure this iRule.

Code :

when HTTP_REQUEST {
# save the MRHSession cookie for future use
if { ![info exists apm_cookie] } {
if { [string length [HTTP::cookie MRHSession] ] > 0 } {
set apm_cookie [HTTP::cookie MRHSession]
}
}
if { ![info exists apm_host] } {
set apm_host [HTTP::host]
}
if { [HTTP::header "User-Agent"] contains "CitrixReceiver" } {
set CitrixReceiver {}
}
set vip "[HTTP::host]:[clientside { TCP::local_port }]"
}
# catch the ICA file
when HTTP_RESPONSE {
if { [HTTP::header Content-Type] contains "application/x-ica" } {
HTTP::collect [HTTP::header Content-Length]
}
}
# and patch it
when HTTP_RESPONSE_DATA {
set payload [HTTP::payload]
set payload [ regsub -all {Proxy[^\n]+\n} $payload {} ]
set payload [ regsub {DoNotUseDefaultCSL[^\n]+\n} $payload {} ]
if { [info exists CitrixReceiver ] } {
set payload [ regsub {CGPAddress[^\n]+\n} $payload {} ]
}
regexp -line {Address=(.+)} $payload dummy CtxAddrPort
set CtxAddr [lindex [split $CtxAddrPort ":"] 0]
set CtxPort [lindex [split $CtxAddrPort ":"] 1]
regexp -line {CGPAddress=(.+)} $payload dummy CGPAddrPort
if { [info exists CGPAddrPort] } {
set CtxPort [lindex [split $CGPAddrPort ":"] 1]
}
set payload [ regsub {\[WFClient\]} $payload
"&\r\nProxyType=Secure\r\nProxyHost=$vip\r\nProxyUsername=$apm_cookie\r\nProxyPassword=$Ctx
Addr-$CtxPort" ]
set payload [ regsub {SSLEnable[^\n]+\n} $payload "SSLEnable=On\r\n" ]
set payload [ regsub {Address[^\n]+\n} $payload "Address=$apm_host\r\n" ]
HTTP::respond 200 content $payload Content-Type [HTTP::header Content-Type]
}
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules

Was this article helpful?

No CommentsBe the first to comment