Product Documentation

Browser content redirection policy settings

Jun 04, 2018

The browser content redirection section contains policy settings to configure this feature.

Browser content redirection controls and optimizes the way XenApp and XenDesktop deliver any web browser content (for example, HTML5) to users. Only the visible area of the browser where content is displayed is redirected. 

HTML5 video redirection and browser content redirection are independent features. The HTML5 video redirection policies are not needed for this feature to work, but the Citrix HDX HTML5 Video Redirection Service is used for browser content redirection.

For more information, see Browser content redirection.

TLS and browser content redirection

You can use browser content redirection to redirect HTTPS websites. The JavaScript injected into those websites must establish a TLS connection to the Citrix HDX HTML5 Video Redirection Service (WebSocketService.exe) running on the VDA. To achieve this redirection and maintain the TLS integrity of the webpage, the Citrix HDX HTML5 Video Redirection Service generates two custom certificates in the certificate store on the VDA.

HdxVideo.js uses Secure Websockets to communicate with WebSocketService.exe running on the VDA. This process runs on the Local System, and performs SSL termination and user session mapping.

WebSocketService.exe is listening on 127.0.0.1 port 9001.

Warning

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Browser content redirection

By default, Citrix Receiver tries client fetch and client render. If client fetch client and render fails, server-side rendering is tried. If you also enable the browser content redirection proxy configuration policy, Citrix Receiver tries only server fetch and client render.

By default, this setting is Allowed.

Registry override options for policy settings (registry path varies depending on VDA architecture):

\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediastream

Name: WebBrowserRedirection
Type: DWORD
1 = Browser content redirection is Allowed.
0 = Browser content redirection is Prohibited.

Browser content redirection Access Control List (ACL) policy settings

Use this setting to configure an Access Control List (ACL) of URLs that can use browser content redirection or are denied access to browser content redirection.

Authorized URLs are the whitelisted URLs whose content is redirected to the client.

The wildcard * is permitted, but it isn't permitted within the protocol or the domain address part of the URL.

Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos* 

Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only the index.html page is redirected.

By default, this setting is set to https://www.youtube.com/*

Registry override options for policy settings (registry path varies depending on VDA architecture):

\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
\HKEY_LOCAL_MACHINE\Citrix\HdxMediastream

Name: WebBrowserRedirectionACL
Type: REG_MULTI_SZ

Browser content redirection blacklist setting

This setting works along with the browser content redirection ACL configuration setting. If URLs are present in the browser content redirection ACL configuration setting and the blacklist configuration setting, the blacklist configuration takes precedence and the browser content of the URL isn't redirected.

Unauthorized URLs: Specifies the blacklisted URLs whose browser content isn't redirected to the client, but rendered on the server.

The wildcard * is permitted, but it isn't permitted within the protocol or the domain address part of the URL.

Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos* 

Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only index.html is blacklisted.

Browser content redirection proxy setting

This setting provides configuration options for proxy settings on the VDA for browser content redirection.
If enabled with a valid proxy address and port number, Citrix Receiver tries only server fetch and client rendering.
If disabled or not configured and using a default value, Citrix Receiver tries client fetch and client rendering.

By default, this setting is Prohibited.

Registry override options for policy settings (registry path varies depending on VDA architecture):

\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediastream

Name: WebBrowserRedirectionProxyAddress
Type: REG_SZ

Allowed pattern: http://<hostname/ip address>:<port>
Example: http://proxy.example.citrix.com:80

HDXVideo.js insertion for browser content redirection

localized image

HdxVideo.js is injected on the webpage by using the Internet Explorer Browser Helper Object (BHO). The BHO is a plug-in model for Internet Explorer. It provides hooks for browser APIs and allows the plug-in to access the Document Object Model (DOM) of the page to control navigation.

The BHO decides whether to inject HdxVideo.js on a given page. The decision is based on the administrative policies shown in the previous flow chart.

After it decides to inject the JavaScript and redirect browser content to the client, the webpage on the Internet Explorer browser on the VDA is blanked out. Setting the document.body.innerHTML to empty removes the entire body of the webpage on the VDA. The page is ready to be sent to the client to be displayed on the overlay browser (Hdxbrowser.exe) on the client.