I recently had the pleasure of working on a Citrix 5.0 implementation and I wanted to share a few things that I learned during that setup.  As many of you know, there are two deployment guides that have been made available by F5 Networks in regards to setting up Citrix Presentation Server 4.5 in TMOS versions 9.x and 10.x.  They are excellent guides and the best thing about them is that you can utilize those guides to assist you in deploying Citrix XenApp 5.0, with a few exceptions of course.  Those exceptions are what I will be covering in this tech tip.

Both of the previously mentioned deployment guides discuss editing files on the Citrix farms Web Interface servers so that it looks for the client IP address in the X-Forwarded-For HTTP header.  Otherwise, every connection will appear to be originating from the BIG-IP LTM and not from its true IP.  After reading both guides and looking at my current environment I was dismayed to find that the files and locations mentioned were no longer valid.  I then turned to my top three resources on the web in the search for an answer: AskF5, DevCentral and Google.

I struck out on the first two (which seldom happens) but my Google search did turn up some interesting results on the Citrix Forums.  I finally found some code posted by Sam Jacobs back in August 2009 that modifies the way the Citrix farm looks up the client IP address.  His method allows for the use of the X-Forwarded-For header.

The first file that you will want to find and edit is the Include.java file.  You will want to locate and change this file on every Web Interface XenApp server in the farm.  Speaking from experience, save a copy of the original file to a safe location such as your desktop or flash drive.  DO NOT copy the file and rename the original to Include.old and leave it on the server.  It may sound crazy, but doing that will not work.  I’m not a programmer, so I cannot tell you why that will not work, but I can tell you I know for a fact it will not.  That being said, here is the file path for the Include.java file:


Now that you have found the file, open it up with a text editor (I use Textpad) and find the Java routine named “getClientAddress”.  Replace the code for that routine with the code listed below.

public static String getClientAddress(WIContext wiContext) {
String ageClientAddress = AGEUtilities.getAGEClientIPAddress(wiContext);
String userIPAddress = wiContext.getWebAbstraction().getRequestHeader("X-FORWARDED-FOR");
if (userIPAddress == null) {
userIPAddress = wiContext.getWebAbstraction().getUserHostAddress();
return (ageClientAddress != null ? ageClientAddress : userIPAddress);

Save the file and wash/rinse/repeat this step on every Web Interface server in the farm.  The next thing that you will want to do is to modify the login page so that it displays the client IP address being obtained from the X-Forwarded-For header.  The file you will want to edit is called “loginView.ascx” and can be found in the following file path on your Web Interface Servers:


The code you will want to add is:

Client IP: <%= com.citrix.wi.pageutils.Include.getClientAddress(wiContext) %>

I added the code directly below the LoginPageControl viewControl line and it works well for me.  Save the file and repeat this step on every Web Interface server in the farm and reboot each Web Interface Server after you are done.  Then it is time for the moment of truth… fire up your browser of choice and navigate to the Citrix login page.  If you have successfully set everything up and have finished following the rest of the deployment guide you should see a screen similar to the one below:

If you receive an error message or the screen doesn’t load, then you might want to go back and check your settings again.  Then that’s it!  I am aiming to develop some custom monitors for the Web Interface Server and for the XML Broker Servers over the next few weeks.  Once I have those done I will put them out in the Devcentral forums for the community enjoy.

I am very happy to mention that the kind folks over at F5 Networks allowed me to submit this as a Tech Tip article which you can find on their site at:



4 comments so far

Add Your Comment
  1. The reason that you cannot make a copy of the Include.java file and leave it on the server is because all .java files in the directory (including the backup) are compiled, resulting in duplicate java classes.

  2. Thanks for explaining that Sam!

    I also wanted to update this and mention that f5 has released a new deployment guide for xenapp 5.0! Looks like they figured out those tricky monitors to.

  3. I used the Xenapp 5.0 DG and did not care for sending thedomain user’s password in plaintext to the XML broker, so I figured out what the WI would send to the XML broker and used that. In the config I had, the password was replaced with SID.
    The full writeup is on DevCentral -http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1177084/showtab/groupforums/Default.aspx

  4. many thanks