This article describes how to redirect users from HTTP to HTTPS while accessing NSIP/management IP of NetScaler.

Background

By default, NetScaler NSIP accepts connections on both port 80 and 443. However if you want to restrict the users from accessing the NSIP over HTTP then you can use the secure only option available under IP settings. However, this is not user friendly and they have to manually access the site using HTTPS.

To simply the above requirement, as an admin, you can create an HTTP to HTTPS Responder policy on the NetScaler.

---

Instructions

Complete the following steps to redirect users from HTTP to HTTPS while accessing NSIP/management IP of NetScaler:

Step 1

Create a Responder policy and action as shown:
Note: You can either use the NSIP or FQDN. In the following policy you have to change the highlighted IP with NSIP.
add responder action http_https_Action redirect "\"https://a.b.c.d\""
add responder policy http_https_managemet "CLIENT.SSL.IS_SSL.NOT&&CLIENT.IP.DST.EQ(a.b.c.d)" http_https_Action
bind responder global http_https_managemet 10 END -type REQ_OVERRIDE

Bind the Responder policy globally with high priority.

Step 2

This is the important step as NetScaler by default skips any AppExpert related configuration for system access. In order to apply the preceding Responder policies to NSIP you have to use the below nsapimgr switch, make sure to run this by shell, not CLI:

nsapimgr -ys skip_systemaccess_policyeval=0

After making these changes, the users will be redirected to HTTPS site. 

Also, you need to update the nsapimgr command in the rc.netscaler to make the changes persistent across reboots.

**** When using this in an HA Pair the nsapimgr command needs to be applied to both nodes otherwise you will need partial functionality with trying to access the management GUI.

This article describes how to redirect users from HTTP to HTTPS while accessing NSIP/management IP of NetScaler