Recently, I had to add a pop-up window to a webpage. It should display every time users from a certain region surfs to this site. In this very case, it’s been information on Putin’s war against Ukraine. My customer’s idea had been to bypassPutin’s ban of information. However, however, did not want to touch each and every page, and it had to be dependent on the country: Austrian, Albanian, Puerto Rican, Arab, and so on, all countries other than Russians, should not see it. This can be done, using MaxMind’s Geo-information in Citrix ADC/NetScaler. I have written a blog about using the built-in GeoLite City database, so I won’t go into it this time. This blog is just about the policies I used.
The policy action
add rewrite action rw_act_insert_information replace_all "HTTP.RES.BODY(1024)" "\"<head><script>window.onload=window.open(\'/russia.html\', \'fenster1\', \'width=600,height=400,status=yes,scrollbars=yes,resizable=yes\');</script>\"" -search "text(\"<head>\")"
So, it’s a REPLACE_ALL action. We will replace the
<head> tag with
- Expression to choose target location: That’s where we search for the string we want to replace. In my case, it’s the first 1024 bytes of the HTTP response. It could be less, of course, as the information I’m searching for is on the very top of the page.
- Expression: Maybe my English is bad? It means nothing to me. What Citrix wanted to say, it’s the expression we replace the searched string with.
- Search / Pattern: What will we search for. Please always use “search” as “pattern” is depreciated!
- Text / Regular Expression / Pattern Set / Data Set, AVP, XPATH, XPATH XML, XPATH JSON: The kind of information we search for. In our case, it’s just a literal, so text is right.
- Search string. In our case, it’s an HTML tag: <head>.
- Refine Search: This would refine the search, but we don’t need it.
The policy would be easy, just following the guides I showed before. However, this is not enough.
add rewrite policy res_pol_insert_information "CLIENT.IP.SRC.MATCHES_LOCATION(\"*.RU.*.*.*.*\") && HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\") && HTTP.REQ.URL.EQ(\"/russia.html\").NOT " rw_act_insert_information
CLIENT.IP.SRC.MATCHES_LOCATION(\"*.RU.*.*.*.*\") The expression searches the GeoLite City database for the client’s IP address and finds out if the IP address is registered in Russia. If this is true and the content type of the HTTP response
HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\")is text/html and it’s not my pop-up window (
HTTP.REQ.URL.EQ(\"/russia.html\").NOT), the policy will be applied.
The first part is obvious. The second part is just to keep the Citrix ADC / NetScaler from searching images, style-sheets, java-scripts and similar content for the HTML tag. The last part will keep the policy from being applied to the popup window itself. This would cause undesired recursion (i.e. the browser loading the same page on and on).
Again, I would be glad to get comments. I hope it’s of some use for you and you like it!