Automatic Proxy Detection
The following steps describe how the Win32 ICA Client determines proxy settings automatically:
1. Automatic proxy detection is triggered when ProxyType=Auto is found in the current ICA
file or Appsrv.ini.
2. The ICA Client reads the registry value HKEY_CLASSES_ROOT\.htm to determine the
workstation’s default browser. This value can be observed by typing assoc .htm at a
command prompt. The value will be htmlfile if Internet Explorer is the default browser or
MozillaHTML if Netscape is the default browser.
3. The Proxy settings for the default browser are read from the registry or the user’s profile
according to which browser is the default:
§ For Internet Explorer, proxy settings are retrieved using WinHTTP API calls from
WinInet.dll. WinInet stores proxy information in the registry beneath
§ For Netscape, proxy settings are read from the user’s profile beneath Application
Data\Mozilla\Profiles\default in a file named prefs.js.
4. If the web browser proxy settings point to a PAC script, the ICA Client performs an HTTP
GET request to download the PAC script, then invokes the native Windows JScript
interpreter to parse the script. This step requires JScript support to be enabled in Windows
and relies on JSCRIPT.DLL.
5. If the default browser is Internet Explorer and “Automatically detect settings” is enabled, the
setting is ignored and the Win32 ICA client attempts a direct connection.
Determining the Client Network Address
When configuring Web Interface address translation or client-side firewall settings, it is important to
remember that all internet traffic coming through a reverse proxy or a proxy-based firewall will
appear to Web Interface as though it originated at the nearest proxy server.
For any HTTP server session, an HTTP server variable called REMOTE_ADDR will be present.
The value of REMOTE_ADDR is the TCP return address of the traffic that arrived at the Web server.
When clients access the Web server directly, REMOTE_ADDR is the actual IP address of the client
device. Web Interface and MetaFrame Secure Access Manager rely on the value of this variable to
make decisions about address translation and client-side proxy servers based on client location.
When traffic is routed through one or more proxy servers, the value of REMOTE_ADDR will always
be the address of the proxy server nearest to the web server, not the true client address. From a
networking point of view, a single HTTP(S) session might traverse multiple TCP segments.
REMOTE_ADDR will be the return address for the TCP session which finally connects to the target
Therefore, any “client network address” settings made in the Web Interface Console (WIAdmin) for
Network Address Translation or Client-side Proxy Server settings that are intended to apply to
external users must be defined using the IP address of the nearest proxy server. It is this return
address which should be entered as the “Client subnet” address in a Specific proxy settings rule.
You can view the value of REMOTE_ADDR using debug.asp from CTX052061:
CTX052061 – Citrix Web Server Debugging & Analysis Tool
Or use the following line of code in an ASP script:
REMOTE_ADDR is <%= Request.ServerVariables("REMOTE_ADDR") %>