Block Access to Web Apps hosted on NetScaler from Mobile browsers and Allow through custom Apps

 

image

Introduction:

In a recent engagement, one of my customers was using NetScaler to load balance couple of web application servers, and they were using custom in-house developed mobile apps to browse these load balanced web servers. Users are able to access these applications through browsers like Safari or Chrome from Mobile/Windows browsers.

Customer Requirement was to block access to these web applications from Mobile browsers and allow access to the Web applications only from the In-house Mobile apps.

We can achieve this by using NetScaler Responder Policy in the following manner:

Prerequisites:

· Any Virtual Server (LB or CS or NetScaler gateway virtual server)

· Responder Policy

· Responder Action(Optional if you want to present custom message instead of default error page )

Configuration:

Step 1: Enable Responder feature on NetScaler (System – Settings – Configure Advanced Features).

image

·Step 2: Create Responder HTML Page (AppExpert – Responder – HTML Page Imports – ADD).

image

In here you can put any HTML page content that you would like a user to see when trying to access the web apps from mobile browser.

image

Step 3: Create a Responder Action ( AppExpert – Responder – Actions – ADD ) and add previously created HTLM page

image

Step 4: Create a Responder Policy (AppExpert – Responder – Policy – ADD).

HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“iPhone”)&&HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Safari”)||HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“iPad”)&&HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Safari”)||

HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Android”)&&HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Chrome”)||HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Android”)&&HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“Mozilla”)

image

Step 5: Assign Responder Policy to Virtual server (Content Switch or LB virtual server or Access Gateway) (NetScaler Gateway – Virtual Servers – Edit MAM virtual server – Add Policy – Responder/Request – Select Policy & Bind – Save NS Config).

image

image

image

Testing

We can test this using NetScaler access gateway page through safari or chrome browser to check the blocking and then we can use Citrix workspace/Secure Hub for iOS/Android to test access

Testing from Mobile Browser

Launch Safari/Chrome from iOS/Android device and enter the Gateway or virtual server URL for testing:

Safari (iOS)

image  image

Chrome (Android)

image   image

· Page is getting blocked in browser with Custom HTML Title and Body

Testing through Mobile Applications

· Launch Citrix Workspace/Secure Hub app for iOS/Android and enter Gateway URL, credentials and you will see you apps with not blocking.

iOS

clip_image026 clip_image028 clip_image030

Android

 clip_image032 clip_image034 clip_image036