204 Citrix NetScaler Policy Configuration and Reference Guide

You read the expression from left to right. The leftmost term is either REQ, designating a request, or RES, designating a response. Successive terms define a specific type of connection and specific attribute of that connection type. Each term is separated from any preceding or following terms with a period. Arguments appear in parentheses following the term to which they apply.

In the example, the IP parameter identifies an IP address in the request. Finally, the term SOURCEIP designates the source IP address rather than the destination IP address.

This expression fragment may not be useful by itself. You can extend an expression to determine whether the returned value meets specific criteria. The following expression tests whether the client source IP is in the subnet 200.0.0.0/8, and returns a boolean TRUE value if the client IP is located within the designated network:

REQ.IP.SOURCEIP == 200.0.0.0 -netmask 255.0.0.0
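The following Python sketch is an added example, not code from the Citrix guide or the appliance. It parses the expression above and evaluates it against constructed sample connections to show which clients the netmask comparison admits. It assumes that DESTIP is the destination-address qualifier, that omitting -netmask means an exact host match, and that a non-contiguous netmask should be rejected as a likely typo.

```python
import ipaddress
import re

# Grammar taken from the page: <REQ|RES>.IP.<qualifier> == <address> -netmask <mask>.
# DESTIP is the qualifier name assumed here for the destination address.
_EXPR = re.compile(
    r"^\s*(REQ|RES)\.IP\.(SOURCEIP|DESTIP)\s*==\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+-netmask\s+(\d{1,3}(?:\.\d{1,3}){3}))?\s*$",
    re.IGNORECASE,
)


def parse_ip_expression(expr):
    """Split a classic IP expression into flow, qualifier, address and mask."""
    m = _EXPR.match(expr)
    if not m:
        raise ValueError(f"not a classic IP expression: {expr!r}")
    flow, qualifier, addr, mask = m.groups()
    mask = mask or "255.255.255.255"  # no -netmask: exact host match (assumed)
    mask_int = int(ipaddress.IPv4Address(mask))
    # This example rejects non-contiguous masks such as 255.0.255.0, which
    # would match a set of clients the policy author probably did not intend.
    inverted = mask_int ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return {
        "flow": flow.upper(),
        "qualifier": qualifier.upper(),
        "address": int(ipaddress.IPv4Address(addr)),
        "mask": mask_int,
    }


def evaluate(expr, flow, source_ip, dest_ip):
    """Return True when the connection satisfies the expression."""
    p = parse_ip_expression(expr)
    if p["flow"] != flow.upper():
        return False
    ip = source_ip if p["qualifier"] == "SOURCEIP" else dest_ip
    value = int(ipaddress.IPv4Address(ip))
    # Compare only the bits selected by the netmask.
    return (value & p["mask"]) == (p["address"] & p["mask"])


EXPR = "REQ.IP.SOURCEIP == 200.0.0.0 -netmask 255.0.0.0"
# Constructed sample connections: (flow, source IP, destination IP).
SAMPLES = [("REQ", "200.14.3.9", "10.0.0.5"), ("REQ", "201.0.0.1", "10.0.0.5"),
           ("REQ", "10.0.0.5", "200.1.1.1")]
RESULTS = [evaluate(EXPR, *s) for s in SAMPLES]
```

The third sample has a destination inside 200.0.0.0/8 but still evaluates to FALSE, because SOURCEIP inspects only the client side of the connection.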

To configure an expression in a classic policy using the configuration utility

1. To create a new expression, in the Create Policy dialog box you typically click Add. Note that for Content Switching policies, you click Configure to view the expression configuration dialog box.

2. In the Add Expression dialog box, under Flow Type, choose a flow type.

The flow type is typically REQ or RES. The REQ option specifies that the policy will apply to all incoming connections, or requests. The RES option applies the policy to all outgoing connections, or responses.

For Application Firewall policies, you should leave the expression type set to General Expression, and the flow type set to REQ. The Application Firewall treats each request and response as a single paired entity, so all Application Firewall policies begin with REQ.

3. Under Protocol, click the down arrow and choose the protocol you want for your policy expression. Your choices are:

HTTP. Evaluates HTTP requests that are sent to a Web server. In classic expressions, HTTP includes HTTPS requests, as well.

SSL. Evaluates SSL data associated with the current connection.

TCP. Evaluates the TCP data associated with the current connection.

IP. Evaluates the IP addresses associated with the current connection.

4. In the Qualifier list box, choose a qualifier for your policy.

The qualifier defines the type of data to be evaluated. The list of qualifiers that appears depends on which protocol you selected in the previous step. The following list describes the qualifier choices for the HTTP protocol.
