Rewrite

Warning

Filter features that use classic policies are deprecated. As an alternative, Citrix recommends that you use the rewrite and responder features with the advanced policy infrastructure.

Rewrite refers to the rewriting of some information in the requests or responses handled by the Citrix ADC appliance. Rewriting can help in providing access to the requested content without exposing unnecessary details about the website’s actual configuration. A few situations in which the rewrite feature is useful are described below:

  • To improve security, the Citrix ADC can rewrite all the http:// links to https:// in the response body.
  • In the SSL offload deployment, the insecure links in the response have to be converted into secure links. Using the rewrite option, you can rewrite all the http:// links to https:// to make sure that the outgoing responses from Citrix ADC to the client contain only secure links.
  • If a website has to show an error page, you can show a custom error page instead of the default 404 Error page. For example, if you show the home page or site map of the website instead of an error page, the visitor remains on the site instead of moving away from the website.
  • If you want to launch a new website, but use the old URL, you can use the Rewrite option.
  • When a topic in a site has a complicated URL, you can rewrite it with a simple, easy-to-remember URL (also referred to as ‘cool URL’).
  • You can append the default page name to the URL of a website. For example, if the default page of a company’s website is http://www.abc.com/index.php, when the user types ‘abc.com’ in the address bar of the browser, you can rewrite the URL to ‘abc.com/index.php’.

When you enable the rewrite feature, Citrix ADC can modify the headers and body of HTTP requests and responses.

To rewrite HTTP requests and responses, you can use protocol-aware Citrix ADC policy expressions in the rewrite policies you configure. The virtual servers that manage the HTTP requests and responses must be of type HTTP or SSL. In HTTP traffic, you can take the following actions:

  • Modify the URL of a request
  • Add, modify, or delete headers
  • Add, replace, or delete any specific string within the body or headers.
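
The SSL offload case described above, written as ADC CLI configuration. This is an added example, not taken from the Citrix documentation: the entity names (rw_act_*, rw_pol_*, vs_web_ssl), the 50000-byte body window, and the text/html condition are assumptions to adapt to your deployment.

```text
# Added example. All entity names below are hypothetical.
enable ns feature REWRITE

# Response side: replace every "http://" with "https://" in the response body.
# HTTP.RES.BODY(50000) covers only the first 50000 bytes of the body; links
# beyond that window are left unchanged, so size it to your largest pages.
add rewrite action rw_act_body_https replace_all "HTTP.RES.BODY(50000)" "\"https://\"" -search "text(\"http://\")"

# Apply the body rewrite to HTML responses only, so binary content is not touched.
add rewrite policy rw_pol_body_https "HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\")" rw_act_body_https

# Request side: strip Accept-Encoding so the back-end server replies with an
# uncompressed body. The text search cannot match inside a gzip-compressed body.
add rewrite action rw_act_del_ae delete_http_header Accept-Encoding
add rewrite policy rw_pol_del_ae "HTTP.REQ.HEADER(\"Accept-Encoding\").EXISTS" rw_act_del_ae

# Bind both policies to the SSL offload virtual server (type SSL, as required
# for HTTP rewrite). vs_web_ssl is a placeholder for an existing vserver.
bind lb vserver vs_web_ssl -policyName rw_pol_del_ae -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver vs_web_ssl -policyName rw_pol_body_https -priority 100 -gotoPriorityExpression END -type RESPONSE
```

After binding, fetch a page through the virtual server and confirm that the returned HTML no longer contains http:// links; pages larger than the configured body window are the usual place where insecure links survive.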

To rewrite TCP payloads, consider the payload as a raw stream of bytes. Each of the virtual servers that manage the TCP connections must be of type TCP or SSL_TCP. The term TCP rewrite refers to the rewriting of TCP payloads that are not HTTP data. In TCP traffic, you can add, modify, or delete any part of the TCP payload.

For examples of how to use the rewrite feature, see Rewrite Action and Policy Examples.

Comparison between Rewrite and Responder options

The main difference between the rewrite feature and the responder feature is as follows:

Responder cannot be used for response or server-based expressions. Responder can be used only for the following scenarios depending on client parameters:

  • Redirecting an HTTP request to new websites or webpages
  • Responding with some custom response
  • Dropping or resetting a connection at request level

If there is a responder policy, the Citrix ADC examines the request from the client, takes action according to the applicable policies, sends the response to the client, and closes the connection with the client.

If there is a rewrite policy, the Citrix ADC examines the request from the client or response from the server, takes action according to the applicable policies, and forwards the traffic to the client or the server.

In general, it is recommended to use a responder if you want the Citrix ADC to reset or drop a connection based on a client or request-based parameter. Use a responder to redirect traffic, or respond with custom messages. Use rewrite for manipulating data on HTTP requests and responses.
