For anyone who may be interested, to get this working, follow http://support.citrix.com/article/CTX111080 using "X-FORWARDED-FOR" instead of "HTTP_CLIENTIP" (I was trying to use "HTTP_X_FORWARDED_FOR", which is apparently incorrect). ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jay Moock Sent: Tuesday, July 07, 2009 2:51 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] WI 5.1 and CSG 3.3.1 on Same Server Hello, I am hoping someone can help me out with something. I have a server that has both the Web Interface 5.1 and Secure Gateway 3.1.1 installed, and I am having issues with it not recognizing the correct client IP for the access methods that I have set up. In a nutshell, it sees all connections as coming from itself. What I want to achieve is to have everyone access the server on port 443 (which is what CSG listens on), and if they are coming from one of our internal subnets, access the Citrix servers directly, otherwise access through CSG. Without editing any of the .java files, all connections go direct (as one of the subnets defined for Direct access is the same subnet the CSG server is on). I have set this up successfully on WI 4.5 and CSG 3.0 by implementing http://support.citrix.com/article/CTX108803, but of course none of those mods apply any more. I've tried to apply the changes mentioned in http://support.citrix.com/article/CTX111080, using HTTP_X_FORWARDED_FOR instead of HTTP_CLIENTIP in Include.java, and this does make a difference in its behavior (all connections go through CSG regardless of the access method defined for the given subnet), but this isn't what I want either. I think I am close, but I just lack the knowledge of what else needs to be changed. I realize I am breaking a rule by not having the CSG in a DMZ, but since I was able to get this to work before, I am hoping I can continue my bad practices on the current versions. :) If I access the server on port 80, everything works as expected. I really don't want to allow this though, especially for people coming in from the outside. Any input would be appreciated. Thanks, Jay