Advanced Access Control Web Resource Import Script

Advanced Access Control Web Resource URL Import Script

Created Date: December 8, 2006

Updated Date: December 8, 2006

Description

This script automates the import of a list of multiple URLs that you desire to add to a new Advanced Access Control 4.5 Web Resource or update an existing one. The main purpose of the script is to provide a workaround to the current white list requirement for all URLs processed by the Web Proxy. In most cases, it is desirable to have external URLs on public Web sites such as MSN, or Google be by-passed so no server resources are consumed for re-writing these applications which would otherwise be directly accessible by the remote client. In addition, Web resource(s) may contain many embedded links to numerous common internal or external resources. A good example would be Web mail, which if HTML-based, may contain numerous links to external resources.

The script requires that a CSV import file be pre-populated with URLs and other ancillary information in a specific format. These URLs could be obtained from Web server, proxy, or firewall logs.

Prerequisites

• Advanced Access Control 4.2 or Advanced Access Control 4.5 with latest hotfixes

• Windows 2000/2003 Server

• Windows Script Host 5.6 or later

• Advanced Access Control Database Login and connection details

Installing the Web Resource URL Import Script

Copy the respective archive for the correct Advanced Access Control version to an Advanced Access Control Farm server. Extract this script in a temporary folder or within the Advanced Access Control installation root along with the CSV import file.

How to Use the Web Resource URL Import Script

The script must be executed on an Advanced Access Control farm server because it makes use of the installed COM+ business objects. To use this script, follow these steps:

1. Populate the CSV file with all the desired URLs to include in the Web Resource.

2. Modify the Advanced Access Control Database connection information in the script header with the connection type, farm datababse name, and login information.

3. Specify whether the script should create a Web Resource or use an existing one.

4. Execute the script.

5. Once execution completes, a dialog should display which indicates the total number of successful or unsuccessful URLs imported. If there were any errors or unsuccessful URLs imported, check the log file created in the directory where the script was installed for more information.

6. To view the new Web Resource, Run Discovery on the resource node.

7. Create or modify a policy that references the autocreated or existing Web resource.

a. If the URLs are external (publicly available), the policy settings should have the Bypass Proxy option selected:

Figure 1 - Bypass Proxy Option for Public Content

This prevents additional load on the Web proxy for processing this content which could be accessed directly by the remote computer.

b. Otherwise, for internal content that should be allowed but processed by the Web proxy, simply “Allow” access:

Figure 2 - Allow Policy for Internal Resources

8. Examine the Web Resource that the script created or modified to ensure all the desired URLs are present with the correct authentication and application type template settings:

Figure 3 - Web Resource Properties

It is not necessary, and in most cases not desired, to publish the Web resource so that it becomes visible in the NAV UI since we are specifically dealing with embedded content.

Notes:

• This script does not add a policy to allow all users access to the URLs contained in the Web resource. A policy must be manually added – refer to steps above.

• Make sure you configure all of the desired constants before running this script.

• A full backup should be made of your configuration database before running this script

• If the script encounters a malformed URL, the script skips to the next URL but makes note of the failed URL in the log file generated in the run time directory.

• This script does not check for duplicate URLs, but fortunately these are handled by the Advanced Access Control objects. However, they are included in the successful import count.

Uninstalling the Web Resource URL Import Script

There is no specific removal process because this is a script.

Simply delete the vbs file, csv import dataset, and log file.

Disclaimer

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.