Responder policy cannot be evaluated for Citrix Gateway "/cgi/login" request
Article ID: CTX465097
Updated On:
Description
Responder policy cannot be hit for Gateway "/cgi/login" http requst even policy expression is evaluated as TRUE.
Resolution
Bind the responder policy with bind type of "AAA_Request" and Request both to Gateway Virtual Server.
Example commands:
add responder policy test "CLIENT.IP.SRC.EQ(1.1.1.1).NOT" RESET
bind vpn vserver vsname -policy test -priority 100 -gotoPriorityExpression END -type REQUEST
bind vpn vserver vsname -policy test -priority 100 -gotoPriorityExpression END -type AAA_REQUEST
The policy evaluation flow of ADC list for your referrence here
Example commands:
add responder policy test "CLIENT.IP.SRC.EQ(1.1.1.1).NOT" RESET
bind vpn vserver vsname -policy test -priority 100 -gotoPriorityExpression END -type REQUEST
bind vpn vserver vsname -policy test -priority 100 -gotoPriorityExpression END -type AAA_REQUEST
Problem Cause
Since the "/cgi/login" request is handles seperately via AAA module, which is processed before the Responder policies. So the "/cgi/login" request won't be evaluated by Responder policy. This behaviror is by design.The policy evaluation flow of ADC list for your referrence here
Additional Information
The policy evaluation flow of ADC list for your referrence : https://support.citrix.com/article/CTX135254
Was this article helpful?
Yes
No
Powered by
