Re-enable Browser Password Saving (autofill, autocomplete) on Netscaler Gateway 11.1

when you update your netscaler to 11.1, you might notice, that the password saving option from browsers no longer works (most likely because of this issue: http://thehackernews.com/2017/01/browser-autofill-phishing.html). a customer requested to have this feature back – of course i advised against it, but it is a special use case on a seperate Netscaler Gateway instance.

anyway… i found out, that citrix does use dummy text fields (here is why: https://support.citrix.com/article/CTX202371)to trick the browsers autofill function and i simply developed some rewrite rules to delete them – additionally i do re-enable autofill on the textboxes. this solution could be optimized, but it works pretty good.

just adjust your_vpn_server and copy paste these rewrite rules to your netscaler:

enable ns feature REWRITE

add rewrite action delete_dummy_user delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "username_dummy.appendTo(right_user);"
add rewrite action delete_dummy_password delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "enter_passwd_dummy.appendTo(right_pass);"
add rewrite action delete_dummy_password2 delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "enter_passwd2_dummy.appendTo(right_pass2);"
add rewrite action replace_autocomplete replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" "\"\'on\'\"" -pattern "\'off\'"
 
add rewrite policy pol_delete_dummy_user "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_user
add rewrite policy pol_delete_dummy_password "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_password
add rewrite policy pol_delete_dummy_password2 "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_password2
add rewrite policy rewrite_autocomplete "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" replace_autocomplete

bind vpn vserver your_vpn_server -policy pol_delete_dummy_user -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver your_vpn_server -policy pol_delete_dummy_password -priority 110 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver your_vpn_server -policy pol_delete_dummy_password2 -priority 120 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver your_vpn_server -policy rewrite_autocomplete -priority 130 -gotoPriorityExpression NEXT -type RESPONSE