Product Documentation

Example 3: Tagging Secure and Insecure Connections

Example Inc. wants to tag incoming requests with a header that indicates whether or not the connection is a secure connection. This helps the server keep track of secure connections after the Citrix ADC has decrypted the connections.

To implement this configuration, you would begin by creating rewrite actions with the values shown in the following tables. These actions label connections to port 80 as insecure connections, and connections to port 443 as secure connections.

Action Name Type of Rewrite Action Header Name Value
Action-Rewrite-SSL_YES INSERT_HTTP_HEADER SSL YES
Action Name Type of Rewrite Action Header Name Value
Action-Rewrite-SSL_NO INSERT_HTTP_HEADER SSL NO

You would then create a rewrite policy with the values shown in the following tables. These policies check incoming requests to determine which requests are directed to port 80 and which are directed to port 443. The policies then add the correct SSL header.

Policy Name Action Name Undefined Action Expression
Policy-Rewrite-SSL_YES Action-Rewrite-SSL_YES NOREWRITE CLIENT.TCP.DSTPORT.EQ(443)
Policy-Rewrite-SSL_NO Action-Rewrite-SSL_NO NOREWRITE CLIENT.TCP.DSTPORT.EQ(80)

Finally, you would bind the rewrite policies to Citrix ADC, assigning the first policy a priority of 200, and the second a priority of 300, and setting the goto expression of both policies to END.

Each incoming connection to port 80 now has an SSL:NO HTTP header added to it and each incoming connection to port 443 has an SSL:YES HTTP header added to it.

Example 3: Tagging Secure and Insecure Connections

In this article