Main
Page
Contents
Preface
Chapter 1 Introduction to Policies and Expressions
Chapter 2 Configuring Advanced Policies
Chapter 3 Configuring Advanced Expressions: Getting Started
Chapter 4 Advanced Expressions: Evaluating Text
Chapter 5 Advanced Expressions: Working with Dates, Times, and Numbers
Chapter 6 Advanced Expressions: Parsing HTTP, TCP, and UDP Data
Chapter 7 Advanced Expressions: Parsing SSL Certificates
Chapter 8 Advanced Expressions: IP and MAC Addresses, Throughput, VLAN IDs
Chapter 9 Advanced Expressions: String Sets, String Patterns, and Data Formats
Chapter 10 Advanced Policies: Controlling the Rate of Traffic
Chapter 11 Advanced Policies: Sending HTTP Service Callouts to Applications
Chapter 12 Configuring Classic Policies and Expressions
Appendix A Expressions Reference
Appendix D Tutorial Examples of Classic Policies
Appendix E Migration of Apache mod_rewrite Rules to Advanced Policies
Appendix F New Advanced Expression Operators in This Release
P
Preface
About This Guide
Page
New in This Release
Audience
Formatting Conventions
This documentation uses the following formatting conventions Formatting Conventions
Related Documentation
Getting Service and Support
Documentation Feedback
Introduction to Policies and Expressions
Advanced and Classic Policies
Benefits of Using Advanced Policies
Basic Components of an Advanced or a Classic Policy
How Different NetScaler Features Use Policies
NetScaler Feature, Policy Type, and Policy Usage
About Actions and Profiles
About Actions
About Profiles
Use of Actions and Profiles in Particular Features
About Policy Bindings
Following is an overview of different types of bind points for a policy:
Use of Actions and Profiles in Different NetScaler Features
About Evaluation Order of Policies
Order of Evaluation Based on Traffic Flow
Advanced and Classic Expressions
About Advanced Expressions
About Classic Expressions
About Migration from Classic to Advanced Policies and Expressions
Before You Proceed
Page
Configuring Advanced Policies
Creating or Modifying an Advanced Policy
Policy Configuration Examples
Binding Advanced Policies
Feature-Specific Differences in Policy Bindings
Feature-Specific Bindings for Advanced Policies
Bind Points and Order of Evaluation
Advanced Policy Evaluation Across Features
Entries in a Policy Bank
Evaluation Order Within a Policy Bank
How Policy Evaluation Ends
How Features Use Actions After Policy Evaluation
Binding a Policy Globally
Page
Binding a Policy to a Virtual Server
Displaying Policy Bindings
Unbinding an Advanced Policy
Page
Creating Policy Labels
Creating a Policy Label
Page
Binding a Policy to a Policy Label
Configuring a Policy Label or Virtual Server Policy Bank
Configuring a Policy Label
Page
Configuring a Policy Bank for a Virtual Server
Invoking or Removing a Policy Label or Virtual Server Policy Bank
Page
Configuring and Binding Policies with the Policy Manager
Page
Page
Page
Configuring Advanced Expressions: Getting Started
Expression Characteristics
Basic Elements of an Advanced Expression
Prefixes
Page
Single-Element Expressions
Operations
Basic Operations on Expression Prefixes
Compound Advanced Expressions
Booleans in Compound Expressions
Parentheses in Compound Expressions
Compound Operations for Strings
String-Based Operations for Compound Advanced Expressions
Compound Operations for Numbers
Page
Page
Page
Page
Page
Page
Page
Page
Classic Expressions in Advanced Expressions
Configuring Advanced Expressions in a Policy
Page
Page
Configuring Named Advanced Expressions
Configuring Advanced Expressions Outside the Context of a Policy
Page
Advanced Expressions: Evaluating Text
About Text Expressions
About Operations on Text
Compounding and Precedence in Text Expressions
Categories of Text Expressions
Guidelines for Text Expressions
Expression Prefixes for Text
Expression Prefixes for Text in HTTP Requests and Responses
Page
Page
Page
Page
Page
Page
Page
Page
Expression Prefixes for VPNs and Clientless VPNs
The following table describes the expression prefixes for this type of data.
Page
Page
Page
Page
Page
Page
Page
Page
Operations on Text
Basic Operations on Text
Operations for Calculating the Length of a String
Operations for Controlling Case Sensitivity
Complex Operations on Text
Operations on the Length of a String
Operations on a Portion of a String
You can extract a subset of a larger string using one of the operations in the following table.
Basic Operations on a Portion of a String
Operations on Strings Based on a Character Count
Operations for Comparing the Alphanumeric Order of Two Strings
Basic Operations on a Portion of a String
Extracting the nth Integer from a String of Bytes that Represent Text
Converting Text to a Hash Value
Encoding and Decoding Text by Applying the Base64 Encoding Algorithm
Refining the Search in a Rewrite Action by Using the EXTEND Operator
Converting Text to Hexadecimal Format
Page
Advanced Expressions: Working with Dates, Times, and Numbers
Format of Dates and Times in an Expression
Dates and Times in a Rewrite Action
Expressions for the NetScaler System Time
Page
Page
Page
Expressions for SSL Certificate Dates
The following table describes time-based operations on SSL certificates.
Page
Page
Page
Page
Page
Page
Page
Expressions for HTTP Request and Response Dates
Expression Prefixes for Numeric Data Other Than Date and Time
Page
Advanced Expressions: Parsing HTTP , TCP, and UDP Data
About Evaluating HTTP and TCP Payload
About Evaluating the Payload Body
Expressions for HTTP Headers
Prefixes for HTTP Headers
The following table describes expression prefixes that extract HTTP headers.
Page
Page
Page
Page
Page
Operations for HTTP Headers
Page
Page
Page
Prefixes for Cache-Control Headers
The following prefixes apply specifically to Cache-Control headers.
Operations for Cache-Control Headers
Prefixes That Extract Cache-Control Headers
Page
Operations That Evaluate Cache-Control Headers
Expressions for Extracting Segments of URLs
The following table describes prefixes for HTTP URLs that are not described elsewhere.
Expressions for Numeric HTTP Payload Data Other Than Dates
Prefixes That Extract URLs
Prefixes That Evaluate HTTP Request or Response Length
Operations for HTTP, HTML, and XML Encoding and Safe Characters
Prefixes That Evaluate HTTP Request or Response Length
Page
Page
Expressions for TCP, UDP, and VLAN Data
Prefixes that Extract TCP and UDP Data
XPath and JSON Expressions
Page
Page
Page
Page
Advanced Expressions: Parsing SSL Certificates
About SSL and Certificate Expressions
Prefixes for Text-Based SSL and Certificate Data
Prefixes for Numeric Data in SSL Certificates
Expressions for SSL Certificates
Page
Page
Page
Page
Page
Advanced Expressions: IP and MAC Addresses, Throughput, VLAN IDs
Expressions for IP Addresses and IP Subnets
Prefixes for IPV4 Addresses and IP Subnets
Operations for IPV4 Addresses
About IPv6 Expressions
Operations on IPV4 Addresses
Expression Prefixes for IPv6 Addresses
Operations for IPV6 Prefixes
The following table describes operations on IPv6 IP addresses:
Operations That Evaluate IPv6 Addresses
IPv6 Expression Prefixes that Return Text
Expressions for MAC Addresses
Prefixes for MAC Addresses
Operations for MAC Addresses
Expressions for Numeric Client and Server Data
Page
Advanced Expressions: String Sets, String Patterns, and Data Formats
Matching Text With Strings in a Set
Note: The patterns in a pattern set can be regular expressions in PCRE format.
Operators That Use a Pattern Set
Operators That Compare Text and HTTP Headers With a Pattern Set
Configuring a Pattern Set
Page
Page
Page
Matching Text With a Pattern
Basic Characteristics of Regular Expressions
Operations for Regular Expressions
The following table describes operations that use regular expressions.
Page
Page
Transforming Text and Numbers into Different Data Types
The following table describes various typecasting operations.
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Advanced Policies: Controlling the Rate of Traffic
About Policies that Monitor the Traffic Rate
Expressions for Controlling the Traffic Rate
Configuring Policies That Control the Traffic Rate
Advanced Policies: Sending HTTP Service Callouts to Applications
About Calling Out to an External Application
About HTTP Callout Policies
Note on the Format of an HTTP Request
Note on the Format of an HTTP Response
Configuring an HTTP Callout Policy
Elements in an HTTP Callout Policy
1. In the left navigation pane, expand AppExpert, and then click HTTP Callouts.
Elements in an HTTP Callout Policy
Page
For parameter descriptions, see the table, Elements in an HTTP Callout Policy, on page 188:
Where:
At a NetScaler command prompt, type:
Invoking an HTTP Callout Policy
If the return type is NUM, the following expression is valid:
Notes on Invoking a Callout
Page
Page
Configuring Classic Policies and Expressions
Where Classic Policies Are Used
Page
Policy Type and Bind Points for Policies in Features That Use Classic Policies
Viewing Classic Policies
Configuring a Classic Policy
Page
Configuring a Classic Expression
Page
Page
Page
Binding a Classic Policy
Page
Creating Named Classic Expressions
Page
Expressions Reference
Advanced Expressions
Page
Page
Page
Page
Requests and Responses, on page 67
Page
Page
Page
Page
Page
Page
Page
Classic Expressions
Operators
General Expressions
Page
Page
Client Security Expressions
Network-Based Expressions
Date/Time Expressions File System Expressions
Page
Note: File system expressions do not support regular expressions.
Built-In Named Expressions (General)
Page
Page
Built-In Named Expressions (Anti-Virus)
Built-In Named Expressions (Personal Firewall)
Built-In Named Expressions (Client Security)
A
PPENDIX
B
Summary Examples of Advanced Expressions and Policies
Page
Page
Page
Page
Page
Page
Page
Tutorial Examples of Advanced Policies for Rewrite
Redirecting an External URL to an Internal URL
Page
Redirecting a Query
Redirecting HTTP to HTTPS
Removing Unwanted Headers
Reducing Web Server Redirects
Masking the Server Header
Page
A
D
Tutorial Examples of Classic Policies
Access Gateway Policy to Check for a Valid Client Certificate
Application Firewall Policy to Protect a Shopping Cart Application
Page
Page
Application Firewall Policy to Protect Scripted Web Pages
DNS Policy to Drop Packets from Specific IPs
SSL Policy to Require Valid Client Certificates
Page
A
E
Migration of Apache mod_rewrite Rules to Advanced Policies
Converting URL Variations into Canonical URLs
Converting Host Name Variations to Canonical Host Names
Moving a Document Root
Moving Home Directories to a New Web Server
Working with Structured Home Directories
Redirecting Invalid URLs to Other Web Servers
264 Citrix NetScaler Policy Configuration and Reference Guide
NetScaler solution for redirection if a URL is wrong (method 2)
Rewriting a URL Based on Time
Apache mod_rewrite solution for rewriting a URL based on the time
NetScaler solution for rewriting a URL based on the time
Redirecting to a New File Name (Invisible to the User)
Redirecting to New File Name (User-Visible URL)
Accommodating Browser Dependent Content
Blocking Access by Robots
Blocking Access to Inline Images
Creating Extensionless Links
Page
Redirecting a Working URI to a New Format
Ensuring That a Secure Server Is Used for Selected Pages
Apache mod_rewrite solution
NetScaler solution using regular expressions
NetScaler solution using pattern sets
Page
A
F
New Advanced Expression Operators in This Release
Operators for Extracting and Evaluating Numeric Data
Operators for Extracting and Evaluating Text
The following operators have been introduced for extracting and evaluating text.
New Operators for Extracting and Evaluating Numeric Data
New Operators for Evaluating Text
Operators for Extracting and Evaluating HTTP Data
Operators for the CLIENT and ipv6 Expression Prefixes
XPath and JSON Operators for Evaluating XML and JSON Data
The following operators have been introduced for evaluating XML and JSON text.
Operators for Evaluating Groups to Which a User Belongs
XPath and JSON Operators for Evaluating XML and JSON Text
Operators for Evaluating Groups to Which a User Belongs
Index
A
B
C
Page
D
E
Page
F
G
H
I
L
M
N
O
P
Page
Q
R
S
T
U