CJHarms / NetScaler-UnifiedGateway.conf
Created June 1, 2016 06:50
NetScaler UnifiedGateway Session and Content Switching Policies
# Unified Gateway session profiles: one for the VPN plug-in, one for native
# Receiver clients, one for browser (web) access.
# NOTE(review): all three profiles set -defaultAuthorizationAction ALLOW, so any
# resource that no authorization policy covers is permitted. For the VPN profile
# in particular, consider DENY plus explicit authorization policies so that
# authenticated users only reach what they need.
# VPN profile: transparent interception on, client choices page on, clientless mode on.
add vpn sessionAction sess_act_UG_VPN -transparentInterception ON -defaultAuthorizationAction ALLOW -ClientChoices ON -clientlessVpnMode ON
# Native Receiver profile: ICA proxy with SSO to StoreFront, no tunnel interception,
# no client choices page. The StoreFront URLs and the CORP domain are site-specific
# placeholders.
add vpn sessionAction sess_act_NativeReceiver -splitTunnel OFF -transparentInterception OFF -defaultAuthorizationAction ALLOW -SSO ON -icaProxy ON -wihome "https://storefront.example.com/Citrix/Store" -ClientChoices OFF -ntDomain CORP -clientlessVpnMode OFF -storefronturl "https://storefront.example.com"
# Web profile: ICA proxy with SSO to the same store, client choices page enabled.
add vpn sessionAction sess_act_Web -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -icaProxy ON -wihome "https://storefront.example.com/Citrix/Store" -ClientChoices ON -ntDomain CORP -clientlessVpnMode OFF
# ns_true matches every request, so which profile wins depends on the bind
# priorities, which are not part of this snippet.
add vpn sessionPolicy sess_pol_UG_VPN ns_true sess_act_UG_VPN
# Selects the Receiver profile from the User-Agent header. The header is supplied
# by the client, so this only picks a profile; it is not an access control.
add vpn sessionPolicy sess_pol_NativeReceiver "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixVPN && REQ.HTTP.HEADER User-Agent NOTCONTAINS NSGiOSplugin" sess_act_NativeReceiver
add vpn sessionPolicy sess_pol_Web "REQ.HTTP.HEADER User-
CJHarms / NetScaler-EX2010-CS.conf
Last active May 20, 2016 08:09
NetScaler Exchange 2010 Content Switch Snippet
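# Content switching for Exchange 2010: route each request to a load-balancing
# vserver according to its URL path (and host name for Autodiscover).
add cs action cs_act_exchange_owa_rpc_ews -targetLBVserver vsrv_exchange_owa
add cs action cs_act_exchange_activesync -targetLBVserver vsrv_exchange_activesync
# Autodiscover is sent to the same LB vserver as OWA/RPC/EWS.
add cs action cs_act_exchange_autodiscover -targetLBVserver vsrv_exchange_owa
# The path is lower-cased before comparison, so every literal must be lower case.
add cs policy cs_pol_exchange_owa_rpc_ews -rule "HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH(\"/owa\") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH(\"/rpc\") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH(\"/ews\")" -action cs_act_exchange_owa_rpc_ews
# Fixed: the literal was mixed case ("/Microsoft-Server-ActiveSync"), which can
# never equal a lower-cased path, so ActiveSync requests never matched this policy.
add cs policy cs_pol_exchange_activesync -rule "HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH(\"/microsoft-server-activesync\")" -action cs_act_exchange_activesync
# "autodiscover.domain.com" is a placeholder host name. CONTAINS is a substring
# match; use EQ if only the exact host should be routed here.
add cs policy cs_pol_exchange_autodiscover -rule "HTTP.REQ.HOSTNAME.CONTAINS(\"autodiscover.domain.com\") && HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH(\"/autodiscover\")" -action cs_act_exchange_autodiscover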
CJHarms / NetScaler-PortalLinks.conf
Created May 17, 2016 12:08
NetScaler 11.x Portal Customizations
CJHarms / NetScaler-ADFS-Proxy-Snippets.conf
Last active March 23, 2018 14:57
NetScaler ADFS Proxy Snippets
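# NetScaler as AD FS proxy: content-switch policy, request rewrites and a health monitor.
# "HOSTNAME.example.com" is a placeholder for the federation service host name.
# The policy has no -action, so the target vserver has to be given where it is bound.
add cs policy cs_pol_adfs -rule "HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"HOSTNAME.example.com\") && HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/adfs\")"
# Adds X-MS-Proxy to the request. NOTE(review): AD FS is generally documented to use
# this header to classify a request as arriving through a proxy (extranet); confirm
# the rewrite policy is bound on every path that reaches AD FS so that extranet-only
# controls are not skipped.
add rewrite action rw_act_adfs_ProxyHeader insert_http_header X-MS-Proxy "\"NETSCALER\""
# Rewrites /adfs/services/trust/mex to /adfs/services/trust/proxymex, keeping what follows.
# NOTE(review): STRIP_START_CHARS is documented as stripping leading characters that
# occur in the given string (a character set), not a literal prefix; verify the
# result for requests that carry extra path segments after /mex.
add rewrite action rw_act_adfs_MexPath replace HTTP.REQ.URL.PATH_AND_QUERY "\"/adfs/services/trust/proxymex\" + HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).PATH_AND_QUERY.STRIP_START_CHARS(\"/adfs/services/trust/mex\").HTTP_URL_SAFE"
add rewrite policy rw_pol_adfs_ProxyHeader "http.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs\")" rw_act_adfs_ProxyHeader
add rewrite policy rw_pol_adfs_Mex "http.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs/services/trust/mex\")" rw_act_adfs_MexPath
# Health probe: plain-HTTP HEAD /adfs/probe on port 80, expecting 200.
# Fixed: the request string was wrapped in typographic quotes, which are not string
# delimiters; they are replaced with straight double quotes.
add lb monitor mon_adfs HTTP -httpRequest "HEAD /adfs/probe" -respCode 200 -LRTM ENABLED -secure NO -destPort 80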
CJHarms / NetScaler-LE-HTTP01.conf
Created March 8, 2016 19:04
NetScaler LetsEncrypt HTTP-01 ACME Challenge Snippet
# Answers one Let's Encrypt HTTP-01 challenge directly from the appliance.
# The action serves the imported HTML page named "acme" (not shown here) with
# status 200 and puts the challenge string in the reason phrase.
# NOTE(review): HTTP-01 validation reads the key authorization ("<token>.<thumbprint>")
# from the response body, so the "acme" page has to contain it — confirm.
# NOTE(review): the token before the dot below differs from the token in the policy
# URL; they look like altered sample values. In a real challenge they are identical.
add responder action rsp_act_letsencrypt_acme_challenge respondwithhtmlpage acme -responseStatusCode 200 -reasonPhrase "\"vlV3cdW_uyw1V0z_qQhMwurlBEDgw9CD1lsIs8daTQ.FR3tCD9zRT-8HjUHuoh53J1ZgHgW_c4FdJIqIrgf_zI\""
# Exact-match on the challenge URL. Each challenge has its own token, so this policy
# is single-use; unbind and remove it once the certificate has been issued.
add responder policy rsp_pol_letsencrypt_acme_challenge "HTTP.REQ.URL.EQ(\"/.well-known/acme-challenge/vlVb3cd_uyw1V0z_qQhMwFAI9BEDgw9urllsIs8daTQ\")" rsp_act_letsencrypt_acme_challenge
CJHarms / NetScaler-PW-Rename.conf
Created March 8, 2016 19:02
NetScaler Password Field Rename Snippet
# Relabels the password fields of the gateway logon page by rewriting the response
# body of vpn/login.js. Each action scans the first 120000 bytes of the body,
# case-insensitively.
# NOTE(review): these patterns depend on the exact text of the shipped login.js.
# A firmware upgrade may change that file so the patterns silently stop matching;
# re-test the logon page after every upgrade.
# Second field: replace the "Password2" label expression with "Token Code:".
add rewrite action rw_act_PW2_replace replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" "\"Token Code:\'\"" -pattern "\"Password2\"" -refineSearch q/extend(50,50).REGEX_SELECT(re![ ]*\'[ ]*\+[ ]*_\(\"Password2\"\)[ ]*!)/
# Remove the script fragment that writes " 1" (presumably the suffix after the
# first field's label — confirm against login.js).
add rewrite action rw_act_PW1_delete delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "document.write(\' 1\');"
# First field: replace the "Password" label expression with a plain "Password".
add rewrite action rw_act_PW1_replace replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" "\"Password\'\"" -pattern "\"Password\"" -refineSearch q/extend(50,50).REGEX_SELECT(re![ ]*\'[ ]*\+[ ]*_\(\"Password\"\)[ ]*!)/
# All three policies fire only for requests whose path ends with vpn/login.js.
add rewrite policy rw_pol_PW1_replace "http.req.url.path.endswith(\"vpn/login.js\")" rw_act_PW1_replace
add rewrite policy rw_pol_PW2_replace "http.req.url.path.endswith(\"vpn/login.js\")" rw_act_PW2_replace
add rewrite policy rw_pol_PW1_delete "http.req.url.path.endswith(\"vpn/login.js\")" rw_act_PW1_delete
CJHarms / NetScaler-XSS.conf
Created March 8, 2016 19:00
NetScaler X-XSS-Protection Header
# Adds "X-Xss-Protection: 1; mode=block" to responses.
# NOTE(review): current browsers have removed the XSS filter this header controls,
# so it offers no protection there; a Content-Security-Policy is the control to
# rely on. Keep this header only for legacy clients.
add rewrite action rw_act_insert_XSS_header insert_http_header X-Xss-Protection "\"1; mode=block\""
# Rule TRUE applies the action to every response at the bind point. insert_http_header
# adds a header, so a backend that already sends one ends up with two.
add rewrite policy rw_pol_enforce_XSS TRUE rw_act_insert_XSS_header
CJHarms / NetScaler-XFrame.conf
Created March 8, 2016 18:59
NetScaler X-Frame-Options Header
# Adds "X-Frame-Options: SAMEORIGIN" so pages can only be framed by their own
# origin (clickjacking mitigation). The CSP frame-ancestors directive is the newer
# equivalent; sending both covers old and new browsers.
add rewrite action rw_act_insert_XFrame_header insert_http_header X-Frame-Options "\"SAMEORIGIN\""
# Rule TRUE applies the action to every response at the bind point. A backend that
# already sets the header ends up with two; check that the values do not conflict.
add rewrite policy rw_pol_enforce_XFrame TRUE rw_act_insert_XFrame_header
CJHarms / NetScaler-XContent.conf
Created March 8, 2016 18:58
NetScaler X-Content-Type-Options Header
# Adds "X-Content-Type-Options: nosniff" so browsers use the declared Content-Type
# instead of guessing from the body. Backends must therefore send correct
# Content-Type headers, or scripts and stylesheets may be refused.
add rewrite action rw_act_insert_XContent_header insert_http_header X-Content-Type-Options "\"nosniff\""
# Rule TRUE applies the action to every response at the bind point.
add rewrite policy rw_pol_enforce_XContent TRUE rw_act_insert_XContent_header
CJHarms / NetScaler-HSTS.conf
Created March 8, 2016 18:56
NetScaler HSTS Header
# Adds a Strict-Transport-Security header: max-age 157680000 s (5 years),
# covering all subdomains, with the preload token.
# NOTE(review): includeSubDomains forces HTTPS on every host under the domain, and
# preload signals consent to browser preload lists, which is slow to undo. Confirm
# every subdomain serves valid HTTPS before deploying; start with a short max-age.
add rewrite action rw_act_insert_HSTS_header insert_http_header Strict-Transport-Security "\"max-age=157680000; includeSubDomains; preload\""
# Rule TRUE applies the action to every response at the bind point. Bind it on the
# SSL vserver: browsers ignore this header when it arrives over plain HTTP.
add rewrite policy rw_pol_enforce_HSTS TRUE rw_act_insert_HSTS_header