Sunday 25 December 2011

How to securely redirect to Web Interface in Citrix

As default Web Interface should be used with SSL encryption (HTTPS) enabled, since users are sending credentials overt the wire. This is even more important when using WI internally because researches showed that most attacks are coming from inside.
Difficult part is that users are not very familiar with typing httpS...
  1. After the Server certificate was applied to IIS, SSL should be disabled
    IIS Manager | Default Web Site | Directory Security | Edit secure communications | Disable SSL

    SSL Disabled
  2. Next is to enable SSL ONLY for Web Interface and every other site/folder you like.
    IIS Manager | Default Web Site | Citrix | MetaFrame | Directory Security | Edit secure communications | Enable SSL

    SSL Enabled
  3. Redirect user to Web Interface via secure channel
    When Web Interface 3.0/4.x was set as default Web Site, then the file webinterface.htm is placed in the IIS root (default %RootDrive%\Inetpub\wwwroot). Now the following line needs to be changed:

    window.location="Citrix/MetaFrame/";

    to

    window.location="httpS://FQDN_WI_SERVER/Citrix/MetaFrame/";
This way user can connect to FQDN_WI_SERVER using port 80 (HTTP) but they will be redirected to WI using HTTPS. Direct connection to http://FQDN_WI_SERVER/Citrix/MetaFrame/ will fail, since SSL is required. If direct connect should also supported, then a bit more scripting is required.

0 comments:

Post a Comment