This article describes how to remove the "Skip Check" option from EPA.HTML on post-authentication NetScaler Gateway EPA scan.
The solution in this article is meant for X1, Default, GreenBubble and RfWebUI portal themes.

---

Instructions

Run the following commands from NetScaler CLI for NetScaler 10.1 or 10.5:

add rewrite action SkipEPA_Action insert_before_all "http.RES.body(120000)" q/"nsversion=epaActiveX.getEPAVersion();" + "\n"/ -search "text(\"”if(epaActiveX.getEPAVersion()!= nsversion)\")" -comment SuppressSkipEPAScan
add rewrite policy SkipEPA_Pol "http.REq.URL.PATH_AND_QUERY.EQ(\"/vpns/postepa.html\")" SkipEPA_Action -comment "Skip EPA Scan Policy"
bind vpn server <VPN VServer name here>  -policy SkipEPA_Pol -priority 100 -gotoPriorityExpression END -type RESPONSE


If running NetScaler 11.x or 12.0, then use these CLI commands instead of the above:

add rewrite action SkipEPA_Action insert_before_all "HTTP.RES.BODY(120000).SET_TEXT_MODE(IGNORECASE)" q{"skipbutton.hide();"} -pattern "var left = $(\"<div></div>\").addClass('left');"
add rewrite policy SkipEPA_Pol "HTTP.REQ.URL.CONTAINS(\"postepa_view.js\")" SkipEPA_Action
bind vpnvserver <VPN VServer name here> -policy SkipEPA_Pol -priority 10 -gotoPriorityExpression END -type RESPONSE

If running NetScaler 13.0 or 13.1, where you get a warning message "Warning: -pattern is deprecated and will be removed in release 13.1, use -search instead" then use these CLI commands :

add rewrite action SkipEPA_Action insert_before_all "HTTP.RES.BODY(120000).SET_TEXT_MODE(IGNORECASE)" "\"skipbutton.hide();\"" -search "regex(re~var left = \\$\\(\"<div></div>\"\\).addClass\\(\'left\'\\);~)"
add rewrite policy SkipEPA_Pol "HTTP.REQ.URL.CONTAINS(\"postepa_view.js\")" SkipEPA_Action
bind vpnvserver <VPN VServer name here> -policy SkipEPA_Pol -priority 10 -gotoPriorityExpression END -type RESPONSE

Note that both sets of commands works upon a page which will be cached by both your browser and the NetScaler, so if it does not immediately work, clear your browser cache and clear the NetScaler's cache. Note if IC is disabled, you may need to reboot the NS to clear the cache.

For RfWebUI theme:
 

1. Append the below css style in /var/netscaler/logon/themes/<customTheme>/style.css.

#skipbutton {
    display: none;
}
 

2. Flush browser and ns cache for changes to reflect immediately. NS cache can be flushed using below command

flush cache contentgroup loginstaticobjects

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

This article describes how to remove the "Skip Check" option from EPA.HTML on post-authenticaion NetScaler Gateway EPA scan.