浏览器反对tent redirection

浏览器反对tent redirection prevents the rendering of webpages in the allow list on the VDA side. This feature uses Citrix Workspace app to instantiate a corresponding rendering engine on the client side, which fetches the HTTP and HTTPS content from the URL.

注意:

You can specify that webpages be redirected to the VDA side (and not redirected on the client side) by using a block list.

This overlay web layout engine runs on the endpoint device instead of on the VDA and uses the endpoint CPU, GPU, RAM, and Network.

Only the browser viewport is redirected. The viewport is the rectangular area in your browser where content displays. The viewport doesn’t include things like the Address Bar, Favorites Toolbar, Status Bar. Those items are in the user interface, which are still running on the browser in the VDA.

1. Configure a policy in the Manage > Full Configuration interface that specifies the Access Control List containing the URLs for redirection from the allow or block lists. For the browser on the VDA to detect that the URL that the user is navigating to matches the allow list or does not match a block list, a browser extension performs the comparison. The browser extension (BHO) for Internet Explorer 11 is included in the installation media and is installed automatically. For Chrome, the browser extension is available in the Chrome Web Store, and you can deploy it using the Group Policies and ADMX files. Chrome extensions are installed on a per-user basis. Updating a golden image to add or remove an extension is not required.
2. If a match is found in the allow list (for examplehttps://www.mycompany.com/), and there is no match to a URL in the block list (for examplehttps://www.mycompany.com/engineering), a virtual channel (CTXCSB) instructs Citrix Workspace app that a redirection is required and relays the URL. Citrix Workspace app then instantiates a local rendering engine and displays the website.
3. Citrix Workspace app then blends back the website into the virtual desktop browser content area seamlessly.

The color of the logo specifies the status of the Chrome extension. It is one of these three colors:

• Green: Active and connected.
• Gray: Not active/idle on the current tab.
• Red: Broken/Not working.

You can debug logging by usingOptionsin the extensions menu.

Here are scenarios of how Citrix Workspace app fetches content:

• Server fetch and server render: There is no redirection because you didn’t add the site to the allow list or the redirection failed. We fall back to rendering the webpage on the VDA and use Thinwire to remote the graphics. Use policies to control the fallback behavior. High CPU, RAM, and bandwidth consumption on the VDA.

• Server fetch and client render: Citrix Workspace app contacts and fetches content from the web server through the VDA using a virtual channel (CTXPFWD). This option is useful when the client doesn’t have internet access (for example, thin clients). Low CPU and RAM consumption on the VDA, but bandwidth is consumed on the ICA virtual channel.

  There are three modes of operation for this scenario. The term proxy refers to a proxy device that the VDA accesses to gain Internet access.

  Which policy option to choose:

  • Explicit Proxy - If you have a single explicit proxy in your Datacenter.
  • Direct or Transparent - If you do not have proxies, or if you use transparent proxies.
  • PAC files - If you rely on PAC files so browsers in the VDA can automatically choose the appropriate proxy server for fetching a specified URL.

• Client fetch and client render:因为Citrix工作区应用接触网络rver directly, it requires internet access. This scenario offloads all the network, CPU, and RAM usage from your XenApp and XenDesktop Site.

Fallback mechanism:

可能有客户重定向失败的时候. For example, if the client machine does not have direct internet access, an error response might go back to the VDA. In such cases, the browser on the VDA can then reload and render the page on the server.

You can suppress server rendering of video elements by using the existingWindows media fallback preventionpolicy. Set this policy toPlay all content only on clientorPlay only client-accessible content on client. These settings block video elements from playing on the server if there are failures in client redirection. This policy takes effect only when you enable browser content redirection and theAccess Control Listpolicy contains the URL that falls back. The URL can’t be in the block list policy.

System requirements:

Windows endpoints:

• Windows 10 or 11
• Citrix Workspace app 1809 for Windows or later

注意:

浏览器反对tent redirection is supported only on the Current Release of Citrix Workspace app for Windows, but not on the Citrix Workspace app LTSR releases, 1912 and 2203.1.

Linux endpoints:

• Citrix Workspace app 1808 for Linux or later
• Citrix Receiver for Linux 13.9 or later
• Thin client terminals must include WebKitGTK+

Citrix Virtual Apps and Desktops 7 1808 and XenApp and XenDesktop 7.15 CU5, 7.18, 7.17, 7.16:

• VDA operating system: Windows 10 (minimum version 1607), Windows Server 2012 R2, Windows Server 2016

• Browser on the VDA:

  • Google Chrome v66 or higher (Chrome requires Citrix Workspace app 1809 for Windows on the user endpoint, Citrix Virtual Apps and Desktops 7 1808 VDA, and the browser content redirection extension)

  • Internet Explorer 11 and configure these options:

    • ClearEnhanced Protected Modeunder:Internet Options>Advanced > Security
    • CheckEnable third-party browser extensionsunder:Internet Options > Advanced > Browsing

Troubleshooting

For troubleshooting information, see the Knowledge Center articlehttps://support.citrix.com/article/CTX230052

浏览器反对tent redirection Chrome extension

To use browser content redirection with Chrome, add the browser content redirection extension from the Chrome Web Store. ClickAdd to Chromein the Citrix Virtual Apps and Desktops environment.

The extension isnotrequired on the user’s client machine – only in the VDA.

System requirements

• Chrome v66 or higher
• 浏览器反对tent redirection extension
• Citrix Virtual Apps and Desktops 7 1808 or higher
• Citrix Workspace app 1809 for Windows or higher

注意:

浏览器反对tent redirection is supported only on the Current Release of Citrix Workspace app for Windows, but not on the Citrix Workspace app LTSR releases, 1912 and 2203.1.

This method works for individual users. To deploy the extension to a large group of users in your organization, deploy the extension using Group Policy.

Deploy the extension using Group Policy

1. Import the Google Chrome ADMX files into your environment. For information about downloading policy templates and installing and configuring the templates into your Group Policy Editor, seeSet Chrome Browser policies on managed PCs.

2. Open your Group Policy Management console and go toUser Configuration \ Administrative Templates\Classic Administrative Templates (ADM) \ Google\ Google Chrome \ Extensions. Enable theConfigure the list of force-installed apps and extensionssetting.

   

3. ClickShowand type the following string, which corresponds to the extension ID. Update the URL for the browser content redirection extension.

   hdppkjifljbdpckfajcmlblbchhledln; https://clients2.google.com/service/update2/crx

   

4. Apply the setting and after agpupdaterefresh, the user automatically receives the extension. If you launch the Chrome browser in the user’s session, the extension is already applied and they cannot remove it.

   Any updates to the extension are automatically installed on the users’ machines through the update URL that you specified in the setting.

   If theConfigure the list of force-installed apps and extensionssetting is set toDisabled, the extension is automatically removed from Chrome for all users.

浏览器反对tent redirection Edge Chromium extension

To install the browser content redirection extension in Edge, make sure you have version83.0.478.37or higher of the Edge browser installed.

1. Click theExtensionsoption in the menu and turn onAllow extensions from other stores.
2. Click theChrome Web Storelink and the extension appears at the bar on the top right. For more info on Microsoft Edge extensions, seeExtensions.

浏览器反对tent redirection and DPI

When using browser content redirection with the DPI (scaling) set to anything over 100% on the user’s machine, the redirected browser content screen displays incorrectly. To avoid this issue, do not set the DPI when using browser content redirection. Another way to avoid the issue is by disabling browser content redirection GPU acceleration for Chrome by creating the registry key on the user’s machine. For information, see浏览器反对tent redirection and DPIin the list of features managed through the registry.

User-agent request header

The user-agent header helps identify HTTP requests sent from browser content redirection. This setting can be useful when you configure proxy and firewall rules. For example, if the server blocks the requests sent from browser content redirection, you can create a rule that contains the user-agent header to bypass certain requirements.

Only Windows devices support the user-agent request header.

By default, the user-agent request header string is disabled. To enable the user-agent header for client-rendered content, use the Registry editor. For information, seeUser-agent request headerin the list of features managed through the registry.