194 Citrix NetScaler Policy Configuration and Reference Guide

sys.http_callout(authCallout).contains("someText")

If the return type is NUM, the following expression is valid:

sys.http_callout(authCallout).gt(500)

The following example shows the use of SYS.HTTP_CALLOUT to retrieve a source IP address and insert it in a header of an HTTP request. (Bold is used for emphasis.)

set policy httpCallout extractSrcIPCallout -ipAddress 10.101.10.10 -port 80 -returnType text -hostExpr "\"10.101.10.10\"" -urlStemExpr "\"/mysite/index.html\"" -resultExpr 'server.ip.src'

add rewrite action insertSrcIPAction insert_http_header Name "sys.http_callout(extractSrcIPCallout)" -bypassSafetyCheck yes

add rewrite policy insertSrcIPPolicy "http.req.header(\"MyHeader\").exists" insertSrcIPAction

bind rewrite global insertSrcIPPolicy 100 END -type req_default

The following example shows the use of SYS.HTTP_CALLOUT to retrieve notification regarding whether a client IP address is blocked from a server and configure a “You are banned” message in the Responder. (Bold is used for emphasis.)

add policy httpCallout blockedCalloutPolicy

set policy httpCallout blockedCalloutPolicy -returnType text -ipAddress 10.100.10.10 -port 80 -fullReqExpr '"GET /cgi-bin/is_ip_blocked?ip=" + client.ip.src + " HTTP/1.1\r\n" + "Host: my_server\r\n\r\n"' -resultExpr 'http.res.header("Result")'

add responder action blockedResponderAction respondwith '"HTTP/1.1 200 OK\r\nContent-Length: 17\r\n\r\nYour IP is banned"'

add responder policy blockedResponderPolicy "http.req.url.eq(\"/\") && sys.http_callout(blockedCalloutPolicy).eq(\"Blocked\")" blockedResponderAction

bind responder global blockedResponderPolicy 100 END -type res_override
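
The -fullReqExpr and respondwith values in this example are complete HTTP messages written by hand, so a slip in the request line or in Content-Length ends up in the traffic. The check below is an added example, not part of the Citrix guide: lint_raw_http and the sample strings are constructed here, and 192.0.2.7 stands in for the evaluated client.ip.src.

```python
import re

# Shapes follow RFC 9112: request line, status line, header field name (token).
REQUEST_LINE = re.compile(r"[A-Z]+ /\S* HTTP/1\.[01]")
STATUS_LINE = re.compile(r"HTTP/1\.[01] \d{3} \S.*")
TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

def lint_raw_http(message, is_request):
    """Return a list of problems in a hand-written raw HTTP message."""
    head, sep, body = message.partition("\r\n\r\n")
    if not sep:
        return ["header block is not terminated by CRLF CRLF"]
    problems = []
    start_line, *header_lines = head.split("\r\n")
    shape = REQUEST_LINE if is_request else STATUS_LINE
    if not shape.fullmatch(start_line):
        problems.append(f"malformed start line: {start_line!r}")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.fullmatch(name):
            problems.append(f"malformed header line: {line!r}")
            continue
        headers[name.lower()] = value.strip()
    if is_request and "host" not in headers:
        problems.append("request has no Host header")
    actual = len(body.encode("utf-8"))
    declared = headers.get("content-length")
    if declared is None:
        if body:
            problems.append("body present without Content-Length")
    elif not declared.isdigit() or int(declared) != actual:
        problems.append(f"Content-Length {declared!r} but body is {actual} bytes")
    return problems

# Constructed samples: the strings a -fullReqExpr / respondwith expression
# would evaluate to, with 192.0.2.7 standing in for client.ip.src.
GOOD_REQUEST = "GET /cgi-bin/is_ip_blocked?ip=192.0.2.7 HTTP/1.1\r\nHost: my_server\r\n\r\n"
BAD_REQUEST = "Get /cgi-bin/is_ip_blocked?ip=192.0.2.7http/1.1\r\nHost: my_server\r\n\r\n"
GOOD_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Length: 17\r\n\r\nYour IP is banned"
BAD_RESPONSE = "HTTP/1.1 200OK\r\n Content=Length: 17 \r\n\r\nYour IP is banned"

if __name__ == "__main__":
    for label, msg, is_req in [("good request", GOOD_REQUEST, True),
                               ("bad request", BAD_REQUEST, True),
                               ("good response", GOOD_RESPONSE, False),
                               ("bad response", BAD_RESPONSE, False)]:
        print(label, "->", lint_raw_http(msg, is_req) or "ok")
```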

Notes on Invoking a Callout

When invoking an HTTP callout in a policy or an action, be sure that the callout invocation does not trigger additional callouts. For example, a policy should not invoke an HTTP callout named MyCalloutPL if the policy expression contains the URL /mycallout.pl. The following is an example:

Citrix Systems 9.2 manual