EPA scans are not for everyone

8:40 PM

A customer of one of my Citrix Consulting colleagues recently came up with an interesting request.
Like many others, they use the Citrix NetScaler Access Gateway Enterprise Edition module to grant secure remote access to applications and desktops.
In addition, they use a client management and software distribution solution to deploy the EPA plugin on client computers, and therefore wanted to remove the option to download the EPA scan plugin from Access Gateway through the browser. This introduces a further level of control over which clients are allowed to connect through Access Gateway.

Restricting which users may connect by means of group memberships is a common scenario, but in this case the customer's intention was to limit the endpoints, not the users. When end users lack the administrative permissions to install software themselves, preventing the download is indeed an effective measure.

A job for Citrix Consulting!

As you know, Access Gateway Enterprise Edition provides two ways to manage Endpoint analysis (EPA) scans - before and after authentication. Therefore, there are two procedures.

The formal requirements

  • Remove the download button that is displayed when accessing the AGEE virtual server and the plugin is not detected by the browser or is out of date.
  • Change the message text so that it refers users to their system administrator if they think the plugin must be installed.
  • When using a post-authentication EPA scan, add a "Log out" button.

EPA Scan dialogue

Backup
As a precaution, make backup copies of all the relevant files:

  • /netscaler/ns_gui/epa/epa.html
  • /netscaler/ns_gui/vpns/postepa.html
  • /netscaler/ns_gui/vpn/resources/en.xml (and any other language you want to customize)

Note: The following changes were made on a NetScaler 10 build 71.6. On later builds, the line numbers or the code may differ slightly.

Pre-authentication EPA procedure

/netscaler/ns_gui/epa/epa.html

  • Delete line 371 (download button)
  • Change the "id" in line 367:
      - delete "to install or upgrade the software click the download"
      - add "If the plugin is not installed, please contact your system administrator."

/netscaler/ns_gui/vpn/resources/en.xml (or any other language for that matter)

  • below line 17 add:
    If the plugin is not installed, please contact your system administrator.

The result looks like this:

customized pre-auth EPA scan dialogue

Post-authentication EPA procedure
/netscaler/ns_gui/vpns/postepa.html

  • Delete line 409 (download button)
  • below line 404 add:




This adds a logout button

  • Change the id in line 404:
      - delete "To install or upgrade the software, click download"
      - add "If the plugin is not installed, please contact your system administrator and disconnect."
  • below line 380 add:
    // Send the browser to the Access Gateway logout URL
    function ns_logout()
    {
        window.location.assign('/cgi/logout');
    }

This provides the disconnect function via JavaScript

/netscaler/ns_gui/vpn/resources/en.xml (or any other language for that matter)

  • below line 49 add:
    If the plugin is not installed, please contact your system administrator and disconnect.
    Log out

Before testing, make sure you disable your browser cache.

Cross-boot Persistence
To make the changes persistent across reboots, you can either place symbolic links in the original directory that point to a customized file stored on the NetScaler, or copy the customized files into place with the well-known startup script approach described at http://support.citrix.com/article/CTX122271.
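
The backup step and the copy-at-startup approach can be handled by one small script. This is an added example, not part of the original post and not Citrix code; the script name epa_custom.sh, the directories in BACKUP_DIR and CUSTOM_DIR and the NS_ROOT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: manage the three files this post edits.
# Directory names are assumptions; use any location that survives a reboot.
BACKUP_DIR=${BACKUP_DIR:-/var/epa_custom/orig}   # untouched vendor copies
CUSTOM_DIR=${CUSTOM_DIR:-/var/epa_custom/new}    # your edited copies
EPA_FILES="netscaler/ns_gui/epa/epa.html
netscaler/ns_gui/vpns/postepa.html
netscaler/ns_gui/vpn/resources/en.xml"

# backup_originals ROOT DEST: save each live file once. An existing backup is
# never overwritten, because after customization the live file is not stock.
backup_originals() {
    for f in $EPA_FILES; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
        mkdir -p "$2/$(dirname "$f")"
        [ -e "$2/$f" ] || cp -p "$1/$f" "$2/$f"
    done
}

# apply_custom ROOT SRC: copy every edited file present in SRC over the live one.
apply_custom() {
    for f in $EPA_FILES; do
        [ -f "$2/$f" ] || continue
        cmp -s "$2/$f" "$1/$f" || cp -p "$2/$f" "$1/$f"
    done
}

# drifted ROOT REF: print each live file that differs from its copy in REF.
drifted() {
    for f in $EPA_FILES; do
        cmp -s "$1/$f" "$2/$f" || echo "$f"
    done
}

# restore_originals ROOT DEST: undo the customization from the backups.
restore_originals() {
    for f in $EPA_FILES; do
        [ -f "$2/$f" ] || { echo "no backup: $2/$f" >&2; return 1; }
        cp -p "$2/$f" "$1/$f"
    done
}

# NS_ROOT is empty on an appliance; point it at a scratch directory to rehearse.
case "${1:-}" in
    boot)    backup_originals "${NS_ROOT:-}" "$BACKUP_DIR" && apply_custom "${NS_ROOT:-}" "$CUSTOM_DIR" ;;
    check)   drifted "${NS_ROOT:-}" "$CUSTOM_DIR" ;;
    restore) restore_originals "${NS_ROOT:-}" "$BACKUP_DIR" ;;
esac
```

Calling `sh epa_custom.sh boot` from the startup script reapplies the edited copies after a reboot, and `check` lists any live file that no longer matches its edited copy, which is how you notice the download button has come back. After a firmware upgrade, refresh both directories, since the stock files and line numbers may have changed.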

Support
Although this customization has been tested by me using IE9, Firefox 16 and Chrome 22, it is not officially supported by Citrix. Before contacting Citrix Support about a problem with Access Gateway Enterprise Edition, you need to undo the changes by restoring the backup copies of the files we changed above.

In other words, our usual warning applies:

This code is provided "as is" without representation, warranty or condition of any kind. You can use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES, EITHER EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may have errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to provide the current and/or future versions of the software application. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting operations. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES ARISING FROM THE USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any claim arising from your use, modification or distribution of the code.
