[ASP.NET]虛擬桌面軟體Citrix對Request.Headers的影響

[ASP.NET]虛擬桌面軟體Citrix對Request.Headers的影響

今天在處理一家客戶問題時發現一個有趣的東西,一般我們連線到客戶端,大多是透過VPN或者提供外部IP來連線,然後搭配遠端遙控工具如:遠端桌面、PCAnyWhere、VNC等方法來進行,但今天客戶提供給我們的連線方式叫做:Citrix,這個工具提供的功能有點類似虛擬桌面,功能我沒有很仔細的去探討,只覺得這種東西在未來會愈來愈普遍,所以今天遭遇得問題,在之後可能會變成是家常便飯,以下特別提出來做些說明:

我們在程式中有用到Request.Headers["Accept-Language"],在正常的使用情況下這個值都會被抓到,但今天卻發現透過Citrix這套軟體來連線時Request.Headers["Accept-Language"]卻怎麼都是null,好奇之下上網查了一下這工具對Header是否有做例外處理,結果找到這篇:How the Citrix Application Firewall Affects Web Applications

以下作一些簡單的內容擷取:

The Application Firewall will add, modify or delete headers in the HTTP(s) request or response to maintain the security of the application.

Request Headers the Application Firewall Drops

Many of the request headers dropped by the AF are related to caching. Caching headers in HTTP(S) requests must be dropped so the Application Firewall can view every request within the context of a session.
The request may include an encoding header to tell the web server that it can accept compressed responses. The AF will delete the encoding header to prevent the web server from compressing the response before sending it to the AF.

image

Request Header the Application Firewall Modifies

If a web browser uses the HTTP/1.0 or earlier protocols, the browser will continually open and close the TCP socket connection after receiving each response. That adds overhead to the web server and prevents maintaining session state. The HTTP/1.1 protocol allows the connection to remain open for the duration of the session. The AF will modify the following request header to use HTTP/1.1 between the AF and the web server regardless of the protocol used by the web browser:

...這份文件其實並沒有提到對Request.Headers["Accept-Language"]的異動,但它對Headers確實做了蠻多的手腳,不管是Response或者Request都是,針對這部分程式做了一些修正後,就確實work了。

這一類的問題在未來勢必愈來愈多,有必要多做些了解。

游舒帆 (gipi)

探索原力Co-founder,曾任TutorABC協理與鼎新電腦總監,並曾獲選兩屆微軟最有價值專家 ( MVP ),離開職場後創辦探索原力,致力於協助青少年培養面對未來的能力。認為教育與組織育才其實息息相關,都是在為未來儲備能量,2018年起成立為期一年的專題課程《職涯躍升的關鍵24堂課》,為培養台灣未來的領袖而努力。