Add pop-up windows for certain countries from Citrix ADC/NetScaler


Geofencing on Citrix ADC / NetScaler

Recently, I had to add a pop-up window to a webpage. It should display every time users from a certain region surfs to this site. In this very case, it’s been information on Putin’s war against Ukraine. My customer’s idea had been to bypassPutin’s ban of information. However, however, did not want to touch each and every page, and it had to be dependent on the country: Austrian, Albanian, Puerto Rican, Arab, and so on, all countries other than Russians, should not see it. This can be done, using MaxMind’s Geo-information in Citrix ADC/NetScaler. I have written a blog about using the built-in GeoLite City database, so I won’t go into it this time. This blog is just about the policies I used.

The policy action

Citrix ADC/NetScaler: Insert a popup into an HTML pageadd rewrite action rw_act_insert_information replace_all "HTTP.RES.BODY(1024)" "\"<head><script>\'/russia.html\', \'fenster1\', \'width=600,height=400,status=yes,scrollbars=yes,resizable=yes\');</script>\"" -search "text(\"<head>\")"

So, it’s a REPLACE_ALL action. We will replace the <head> tag with "<head><script>\'/russia.html\', \'fenster1\', \'width=600,height=400,status=yes,scrollbars=yes,resizable=yes\');</script>. That’s a simple javascript opening a new browser window (size 600 x 400) and displaying content from /russia.html.

  • Expression to choose target location: That’s where we search for the string we want to replace. In my case, it’s the first 1024 bytes of the HTTP response. It could be less, of course, as the information I’m searching for is on the very top of the page.
  • Expression: Maybe my English is bad? It means nothing to me. What Citrix wanted to say, it’s the expression we replace the searched string with.
  • Search / Pattern: What will we search for. Please always use “search” as “pattern” is depreciated!
  • Text / Regular Expression / Pattern Set / Data Set, AVP, XPATH, XPATH XML, XPATH JSON: The kind of information we search for. In our case, it’s just a literal, so text is right.
  • Search string. In our case, it’s an HTML tag: <head>.
  • Refine Search: This would refine the search, but we don’t need it.

The policy

The policy would be easy, just following the guides I showed before. However, this is not enough.

Citrix ADC/NetScaler: Insert a popup into an HTML pageadd rewrite policy res_pol_insert_information "CLIENT.IP.SRC.MATCHES_LOCATION(\"*.RU.*.*.*.*\") && HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\") && HTTP.REQ.URL.EQ(\"/russia.html\").NOT " rw_act_insert_information

CLIENT.IP.SRC.MATCHES_LOCATION(\"*.RU.*.*.*.*\") The expression searches the GeoLite City database for the client’s IP address and finds out if the IP address is registered in Russia. If this is true and the content type of the HTTP response HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\")is text/html and it’s not my pop-up window (HTTP.REQ.URL.EQ(\"/russia.html\").NOT), the policy will be applied.

The first part is obvious. The second part is just to keep the Citrix ADC / NetScaler from searching images, style-sheets, java-scripts and similar content for the HTML tag. The last part will keep the policy from being applied to the popup window itself. This would cause undesired recursion (i.e. the browser loading the same page on and on).

Again, I would be glad to get comments. I hope it’s of some use for you and you like it!

About the author

Johannes Norz

Johannes Norz is a Citrix Certified Citrix Technology Advocate (CTA), Citrix Certified Instructor (CCI) and Citrix Certified Expert on Application Delivery and Security (CCE-AppDS).

He frequently works for Citrix international Consulting Services and several education centres all around the globe.

Johannes lives in Austria. He had been borne in Innsbruck, a small city (150.000 inhabitants) in the middle of the most beautiful Austrian mountains (

Add comment

Recent Posts

Recent Comments