This article contains information about configuring a NetScaler Responder Policy to do the following:

• Redirect connections from HTTP to HTTPS.
• Except for users accessing the HTTP site from a few subnet segments.

Instructions

Complete the following instructions to create a Responder policy to redirect HTTP to HTTPS except from a few subnets. The following subnets are used as an example for this procedure:

• Subnet1 - 10.140.4.0/23
• Subnet2 - 10.140.24.0/23
• Subnet3 - 10.140.5.0/23

• GUI
• CLI

Creating a Responder Policy using Graphical User Interface

Overview of GUI steps diagram

1. In the NetScaler menu pane, expand the System node and click Settings.

   1. On the right pane, in the left column, click Configure Advanced Features.
   2. Check the box next to Responder and click OK.

2. In the NetScaler menu pane, expand the Responder node, and click Actions.

3. Click Add to create a Responder Action.

   1. Specify the name of the Responder Action (e.g. Redirect_Action).
   2. Change the Type drop-down to Redirect. It’s too easy to overlook this.

      

   3. In the Expression box, enter an expression that renders to a URL. For example, you can enter "https://webapp.company.com". Literal strings must have quotes around them.
   4. Click Create to finish creating the Responder Action.

4. In the NetScaler menu pane, expand the Responder node, and click Policies.

5. On the right, click Add to create a Responder Policy.

   1. Enter a name for the Responder Policy (e.g. Redirect_Pol).
   2. Use the Action drop-down to select the Redirect Action you created earlier.
   3. In the Expression box, enter something like the following:

      CLIENT.IP.SRC.IN_SUBNET(10.140.4.0/23).NOT && CLIENT.IP.SRC.IN_SUBNET(10.140.24.0/23).NOT && CLIENT.IP.SRC.IN_SUBNET(10.140.5.0/23).NOT

   4. Click Create to finish creating the Responder Policy.

6. In the NetScaler menu pane, expand Traffic Management, expand Load Balancing, and click Virtual Servers.

7. Edit a Load Balancing Virtual Server that is listening on protocol HTTP (not SSL) and port 80. Since you are redirecting from HTTP to SSL, you want the HTTP listener, not the SSL listener.

   1. If you don’t see the Policies section on the left, then add it from the Advanced Settings menu on the right.
   2. In the Policies section on the left, click the plus icon.
   3. Change the Choose Policy drop-down to Responder and click Continue.
   4. Click where it says Click to Select.
   5. Find the Responder Policy you created earlier and click the small circle next to it. Then click the blue Select button at the top of the window.
   6. Click Bind to finish binding.
      Note: the Responder policy only works if the HTTP Load Balancing Virtual Server is UP.

Creating a Responder Policy using Command Line Interface

You can use the following expression to create a Responder policy:

"CLIENT.IP.SRC.IN_SUBNET(<Subnet1>).NOT && CLIENT.IP.SRC.IN_SUBNET(<Subnet2>).NOT&& CLIENT.IP.SRC.IN_SUBNET(<Subnet3>).NOT"

Run the following commands from the command line interface of the appliance to create Responder action and policy:

add responder action redirect_to_https_action redirect "\"https://<redirect url>\"" -bypassSafetyCheck YES
add responder policy pol1 "CLIENT.IP.SRC.IN_SUBNET(10.140.4.0/23).NOT && CLIENT.IP.SRC.IN_SUBNET(10.140.24.0/23).NOT&& CLIENT.IP.SRC.IN_SUBNET(10.140.5.0/23).NOT" redirect_to_https_action
bind lb vserver webapp.company.com-HTTP-SSLRedirect -policyName policy pol1 -priority 100 -gotoPriorityExpression END -type REQUEST

CTX121474 – Set Up HTTP to HTTPS Redirection for a SharePoint Site by Using NetScaler AppExpert Templates