Rewriting a URL Based on Time | Citrix Systems 9.2 specs

264 Citrix NetScaler Policy Configuration and Reference Guide

add responder policy pol1 '!HTTP.REQ.HEADER("Name").EXISTS && !SYS.HTTP_CALLOUT(call)' act1

bind responder global pol1 100

NetScaler solution for redirection if a URL is wrong (method 2)

add HTTPCallout Call

set policy httpCallout Call -IPAddress 10.102.59.101 -port 80 -hostExpr '"10.102.59.101"' -returnType BOOL -ResultExpr 'HTTP.RES.BODY(100).CONTAINS("True")' -urlStemExpr '"/cgi-bin/ file_check.cgi"' -parameters query=http.req.url.path -headers Name("ddd")

add responder action act1 respondwith '"HTTP/1.1 302 Moved Temporarily\r\nLocation: http:// webserverB.com"+HTTP.REQ.URL+"\r\n\r\nHTTPCallout Used"' -bypassSafetyCheck yes

add responder policy pol1 '!HTTP.REQ.HEADER("Name").EXISTS && !SYS.HTTP_CALLOUT(call)' act1

bind responder global pol1 100

Rewriting a URL Based on Time

You can rewrite a URL based on the time. The following examples change a request for example.html to example.day.html or example.night.html, depending on the time of day.

Apache mod_rewrite solution for rewriting a URL based on the time

RewriteCond %{TIME_HOUR}%{TIME_MIN} >0700

RewriteCond %{TIME_HOUR}%{TIME_MIN} <1900

RewriteRule ^example\.html$ example.day.html [L]

RewriteRule ^example\.html$ example.night.html

NetScaler solution for rewriting a URL based on the time

add rewrite action act1 insert_before 'HTTP.REQ.URL.PATH.SUFFIX(\'.\',0)' '"day."'

add rewrite action act2 insert_before 'HTTP.REQ.URL.PATH.SUFFIX(\'.\',0)' '"night."'

add rewrite policy pol1 'SYS.TIME.WITHIN(LOCAL 07h 00m,LOCAL 18h 59m)' act1

add rewrite policy pol2 'true' act2

bind rewrite global pol1 101

bind rewrite global pol2 102

Image 278

Citrix Systems 9.2 manual Rewriting a URL Based on Time, NetScaler solution for rewriting a URL based on the time

Contents

Citrix NetScaler Policy Configuration and Reference Guide Citrix NetScaler Copyright and Trademark Notice Contents Chapter Contents Converting Text to Hexadecimal Format Citrix NetScaler Policy Configuration and Reference Guide Contents Vii Blocking Access to Inline Images Accommodating Browser Dependent ContentBlocking Access by Robots Reducing Web Server Redirects Preface About This Guide Citrix NetScaler Policy Configuration and Reference Guide Preface New in This ReleaseAudience Convention Meaning Boldface Formatting ConventionsFormatting Conventions To view the documentation Getting Service and SupportRelated Documentation Documentation Feedback To provide feedback from the Knowledge Center home Introduction to Policies Expressions Advanced and Classic Policies Benefits of Using Advanced Policies Basic Components of an Advanced or a Classic Policy Chapter Introduction to Policies and Expressions How Different NetScaler Features Use PoliciesNetScaler Feature, Policy Type, and Policy Usage DNS Associated cache server Authorization policies authorize usersAuthorization AAA Traffic Classic About Actions and Profiles Access ClassicAuthorization policies, however, can be Functions Pre-Authentication. Uses Use of Actions and Profiles in Different NetScaler FeaturesFeature Use of an Action Use of a Profile Authorization. Uses Allow About Policy Bindings Server About Evaluation Order of Policies About Advanced Expressions Advanced and Classic ExpressionsOrder of Evaluation Based on Traffic Flow About Classic Expressions Before You Proceed Chapter Citrix NetScaler Policy Configuration and Reference Guide Configuring Advanced Policies Argument Specifies Creating or Modifying an Advanced PolicyAdvanced-Policy Parameters Policy Configuration Examples Following is an example of a Rewrite policy and action Binding Advanced Policies Feature-Specific Differences in Policy BindingsFeature-Specific Bindings for Advanced Policies Provide rules for modifying Policies Global default Responder function Policy labelNetScalers integrated Address of the incoming Bind Points and Order of Evaluation Entries in a Policy Bank Advanced Policy Evaluation Across FeaturesChapter Configuring Advanced Policies Optional Evaluation Order Within a Policy BankFormat of Each Entry in a Policy Bank How Policy Evaluation Ends Example How Features Use Actions After Policy EvaluationBinding a Policy Globally Details pane, click Feature Name policy manager Binding a Policy to a Virtual Server Unbinding an Advanced Policy Displaying Policy Bindings Unbind responder global policyName Creating Policy Labels Creating a Policy Label To create a policy label by using the configuration utility Entries in a Policy Bank Configuring a Policy Label or Virtual Server Policy BankBinding a Policy to a Policy Label Attribute Description Configuring a Policy Label Example Choices are Integrated Caching, Rewrite, or Responder Configuring a Policy Bank for a Virtual Server Configure Virtual Server dialog box click the Policies tab Chapter Configuring Advanced Policies At the NetScaler command prompt, for the Responder, type Configuring and Binding Policies with the Policy Manager Click Regenerate Priorities To remove unused policies by using the Policy Manager Citrix NetScaler Policy Configuration and Reference Guide Configuring Advanced Expressions Getting Started Expression Characteristics Basic Elements of an Advanced Expression Prefixes Http.res.header.myheader Single-Element Expressions Feature Types of Expression Prefix Used in the FeatureFeatures Content Switching Operations Operation Determines whether or not Basic Operations on Expression PrefixesBasic Operations for Expressions Basic Types of Operations Configuring Advanced Expressions Getting StartedCompound Advanced Expressions Compound Operations for Strings Booleans in Compound ExpressionsParentheses in Compound Expressions String-Based Operations for Compound Advanced Expressions Logical operations on strings Compound Operations for Numbers Arithmetic Operations for Compound Advanced Expressions Returns 12 binary Num % numExpression on the right Result of applying the ~ operator is -11 a binary 1110011 Right-side number argument number of bits Binary 1100 and numeric.expression2 returns 10 binaryWhole expression evaluates to 8 binary Following example assumes that numeric.expression1 returns Number .SUB Number .ADDInteger Value Following is an example Integer Number value Following is an example Number .LT Number .LEInteger Integer argument Following is an example Binary value of 10 is 1010, and the result of applying Expression as an argument rather than an integer Result of applying the Bitneg operator is -11 a binary1110011, 32 bits total with all ones to the left Assumes that numeric.expression returns 12 binary Another expression as an argument rather than an integer Bitxor operator to the entire expression is 6 binaryCaret performs a similar function to BITXOR, but takes Number.LSHIFT Value represented by double Number.RSHIFTDouble .ADDi Parameters Double .GTi Double .GEiValue represented by double is greater than or equal to Value represented by double is greater than the argument Configuring Advanced Expressions in a Policy Classic Expressions in Advanced Expressions Following is an example of configuring a caching policy HTTP.REQ.BODY1000.BETWEENthis,that Configuring Named Advanced Expressions Click Advanced Expressions Chapter Citrix NetScaler Policy Configuration and Reference Guide Advanced Expressions Evaluating Text About Text Expressions About Operations on Text Chapter Advanced Expressions Evaluating Text Compounding and Precedence in Text ExpressionsCategories of Text Expressions Guidelines for Text Expressions Http Expression Prefixes that Return Text Expression Prefixes for TextExpression Prefixes for Text in Http Requests and Responses Prefix Description Returns incorrect results if the host name has an IP Returns the domain name part of the host name. ForMyhost.com8080, the domain is myhost.com Address. For information on expressions for IP URL LISTT,. IGNOREEMPTYELEMENTS.COUNT LISTT,.COUNT HTTP.REQ.USER.EXTERNALGROUPS HTTP.REQ.USER.GROUPS User belongs Returns a list of internal groups to which the userFor example, the following expression returns a HTTP.REQ.USER.INTERNALGROUPS Group Returns a portion of the Http response body. Default value of 80 or 443 for Https connectionsReturns the Http version listed in the request Integer argument Expression Prefixes for VPNs and Clientless VPN and Clientless VPN Expression Prefixes that Return Text VPN and Clientless VPN Description Expression Evaluates the server portion of the host name By default, is not considered an empty elementWhen evaluating this header Extracts a slash- / separated list from the path Delimiters from the query string in a URL Extracts a name-value list, using the =Evaluates the protocol in the URL This method ignores the empty elements in a Hostname Has an empty element following a=10 Ignores empty elements in a list. For example, ifList delimiter is a comma , the following list Evaluating this header Element after a=10 Ignores empty elements in a name-value list. ForExample, the following list contains an empty As another example, consider the following http Following expression returns True Results in Boolean True if the host nameIs case insensitive Evaluates the server part of the host name Entry a=10 This method ignores the empty elements in a listFor example, if the delimiter in a list is , Consider the following header =11 is not considered an empty element Example, the following list uses a semicolonPreceding example, the element following Evaluating the same header Basic Operations on Text Operations on TextBasic Operations on Text Returns a Boolean True value if the target contains Operations on Case Sensitivity of Text Operations for Calculating the Length of a StringOperations for Controlling Case Sensitivity Basic Text Operation Description Operations on Strings Based on a Character Count Complex Operations on TextOperations on the Length of a String Case Operation Description Character Count Operation Description Operations on a Portion of a StringBasic Operations on a Portion of a String Object of 0 length Matches starting string, and if the suffix of the target Returns a Boolean True value if the length of the textObject is greater than or equal to the sum starting string Matches ending string Converting Text to a Hash Value Operation Description Applying the Base64 decoding algorithm. The operation Operator DescriptionBase64 encoding algorithm Raises an Undef if text is not in B64-encoded format Converting Text to Hexadecimal Format Citrix NetScaler Policy Configuration and Reference Guide Advanced Expressions Working with Dates, Times, and Numbers Format of Dates and Times in an Expression Dates and Times in a Rewrite Action Expressions for the NetScaler System Time Expressions that Return NetScaler System Dates and Times NetScaler Time Description Operation Advanced Expressions Working with Dates, Times, and Numbers Sys.time.leGMT 2006 True in this example Scheduled reboot, and returns an integerIs equal to the time argument False depending on the current timezone Expressions for SSL Certificate Dates Time2 SSL Certificate Operation Description True You can specify the following evaluation results for For example, if the current time is GMT 2005 May10h 15m 30s, and it is the first Sunday of the month This example are in parentheses Returns a Boolean True if the time precedes or is Closest boot time is in the past, the integer isExtracts the last hour that the certificate is valid Equal to the time argument Extracts the last weekday that the certificate is valid System time and the specified time and returns anIf it is in the future, the integer is positive To give the weekday in the time value Arguments must be fully specified Returns a Boolean True if the time value is betweenTime1, time2 arguments. Both the time1, time2 LOCAL, and time2 must be bigger than time1 Results are in parentheses Returns a Boolean True if the time is greater thanAfter or equal to the time argument Returns a Boolean True if the time occurs after Returns the number of seconds between the current Extracts the last minute that the certificate is validReturns the current month as an integer from NetScaler system time and the specified time as an 6 Saturday Extracts the last second that the certificate is validReturns the current second as an integer from 0 to Element of time from time2, it is assumed to have Expressions for Http Request and Response Dates Prefixes That Evaluate Http Date Headers 111 Citrix NetScaler Policy Configuration and Reference Guide Advanced Expressions Parsing HTTP, TCP, and UDP Data About Evaluating Http and TCP Payload About Evaluating the Payload Body Expressions for Http Headers 115 Http Header Prefix Description Prefixes for Http HeadersPrefixes That Extract Http Headers Advanced Expressions Parsing HTTP, TCP, and UDP Data First instance is returned Returns the value of Path field of the cookieAs a slash- / separated list. Multiple For example, the following is a cookie with From Set-Cookie Customer = Returns the value of Port field of the cookieOperate as a comma-separated list ABC PATH=/a/b/c PORT= 80 Example, the following expression returns a Returns the value of the Domain fieldFirst cookie with the specified name. For DOMAIN=.xyz.com Named cookie as a , separated list. For From the cookie Set-Cookie Customer Returns the value of Version field of the nth Operations for Http HeadersOperations That Evaluate Http Headers Header type exists Following returns a Boolean True Any instance of the header valueFollowing is an example of request with two headers Does not concatenate the different values Following is an example of a request STR stringInstance to the first Following extracts the string def from the last Used in bidirectional policies Or a response. This operation returns the header thatOccurs instance number of places before the final Instance number argument cannot exceed Prefixes That Extract Cache-Control Headers Prefixes for Cache-Control HeadersOperations for Cache-Control Headers Cannot exceed Http Header Operation Description Operations That Evaluate Cache-Control Headers127 Has the value Must-Revalidate Has the value Min-FreshHas the value Max-Stale Has the value No-Transform Expressions for Extracting Segments of URLs Prefixes That Evaluate Http Request or Response Length Expressions for Numeric Http Payload Data Other Than DatesPrefixes That Extract URLs URL Prefix Description Html or XML Operation Description Operations That Evaluate Html and XML EncodingReturns the response status code Converts unsafe URL characters to %xx values Where xx is a hex-based representationSpecifies how to treat the plus character +. Read-only operation Decoded to http//, where the colon is With the character Y where XXX representsWhere the colon is the Ascii equivalent Where WW and XX represent two distinct GET Operation Description Expressions for TCP, UDP, and Vlan DataPrefixes that Extract TCP and UDP Data Domain and the priority for each server Enables locating the domain name that isMX mail exchanger. This DNS record describes NS. This is a name server record that includes a XPath and Json Expressions XPath and Json Expression Prefixes that Return Text File Book creator person Namename , titletitle Or a string. Node-sets are converted toXPath string conversion routine Json file and returns a Boolean True if First 1000 bytes of the body of the Json For example, consider the following JsonThat are enclosed by /Book a node-set File and returns the corresponding string MARKUPxp%/Book/creator% Text.XPATHWITHBytes of the body Citrix NetScaler Policy Configuration and Reference Guide Advanced Expressions Parsing SSL Certificates About SSL and Certificate Expressions SSL transaction Prefixes for Text-Based SSL and Certificate DataReturns the SSL client certificate in the current SSL cryptographic cipher is exportable Advanced Expressions Parsing SSL Certificates Prefixes for Numeric Data in SSL CertificatesExpressions for SSL Certificates Returns a Boolean True if the client has an SSL Issuer in the certificate as a name-value list. AnBased on the preceding Issuer definition Returns the Distinguished Name DN Certificate as a name-value list. An equals sign Returns the Issuer Distinguished NameAn Authority Key Identifier extension = is the delimiter for the name and the value False CLIENT.SSL.CLIENTCERT.ISSUER IGNOREEMPTYELEMENTS.COUNT Citrix NetScaler Policy Configuration and Reference Guide Expressions for IP Addresses and IP Subnets Prefixes That Evaluate IP and MAC Addresses Prefixes for IPV4 Addresses and IP SubnetsOperations for IPV4 Addresses Operations on IPV4 Addresses About IPv6 Expressions Qual1.qual2.qual3.qual4.qual5.qual6 IP header Expression Prefixes for IPv6 AddressesIPv6 Expression Prefixes that Return Text Returns the IPv6 address in the source field of the IP IPv6 Operation Description Operations for IPV6 PrefixesOperations That Evaluate IPv6 Addresses Operations for MAC Addresses Expressions for MAC AddressesPrefixes for MAC Addresses Prefixes That Evaluate MAC Addresses 155 Expressions for Numeric Client and Server DataPrefixes That Evaluate Numeric Client and Server Data Citrix NetScaler Policy Configuration and Reference Guide Matching Text With Strings in a Set Patternsetname Operators That Use a Pattern SetMatching Operators Description To patternsetname Name Setname Configuring a Pattern Set 161 At a NetScaler command prompt, type 163 Add policy patset myPatSet Matching Text With a Pattern 165 Basic Characteristics of Regular ExpressionsOperations for Regular Expressions From text/plain Selects text that precedes the string that matchesRegular expression argument. If the regular Expression does not match any text in the target Regular Expression Operation Description Settextmodeignorecase Header value. The header instances are matched Insensitive, multi-line match, where the dotText following the string that matches From the last to the first Following example selects NS-CACHE-9.0 Transforming Text and Numbers into Different Data TypesFirst Typecasting Operations As the delimiter, an uppercase P is not treated as a If the current text mode is Ignorecase and you specifyAre ignored Delimiter Treats a numeric string like an IP address Hostname path? query, and the text mode is set toUrlencoded by default For example, the following policy matches Http requests For example, this policy would extract 4444 from Following policy extracts a numeric portion of a queryString, adds 4 to the number, and inserts an Http header Following Http response header HTTP.REQ.COOKIE.TYPECASTHTTPHEADERT HTTP.REQ.SETCOOKIEHTTP.REQ.COOKIE.TYPECASTHTTPHEADER For example, the following expression converts Converts the designated text to a multi-line Http headerThat you specify in a name argument MyHeader to InHeader Betweengmt 2004, GMT 2006 True Eqgmt 2005 Dec False Time value argument tEqgmt 2005 True EQLocal 2005 May True or FALSE, depending on GTLocal 2005 May True or FALSE, depending on Gtgmt 2004 TrueGtgmt 2005 Jan True Gtgmt 8h True LELocal 2005 May True or FALSE, depending on Legmt 2006 TrueLegmt 2005 Dec True Legmt 8h False Value as an integer that ranges from 0 to Most recent reboot or the number of seconds to the nextTime is in the future scheduled reboot time, the integer is Value as an integer that ranges from 1 January to Time1 and time2 Double to an integer Extracts the year from the current system time and returnsTransforms the double-precision number represented by Expressions for Controlling the Traffic Rate Advanced Policies Controlling Rate of TrafficAbout Policies that Monitor the Traffic Rate Configuring Policies That Control the Traffic Rate Chapter About Calling Out to an External Application About Http Callout Policies Following is an example of a response 187 Parameter Specifies Configuring an Http Callout PolicyElements in an Http Callout Policy Expression that derives the value. Examples Attribute-based Http Method httpMethodServer mutually URL stem expression urlStemExpr NetScaler does not check the validity of this request. You Example, if you configure a return type of text, the resultExpression to 8191 characters Must manually validate the request 191 To modify a callout policy using the NetScaler command line Examples Invoking an Http Callout Policy To delete a callout policy using the NetScaler command lineTo view a callout policy using the NetScaler command line 193 If the return type is NUM, the following expression is valid 195 Citrix NetScaler Policy Configuration and Reference Guide Configuring Classic Policies Expressions Where Classic Policies Are Used Http Configuring Classic Policies and Expressions Auditing of user access Viewing Classic Policies Click Policies Configuring a Classic Policy 201 At the command line, type To create a classic policy using the NetScaler command line Configuring a Classic Expression 203 REQ.IP.SOURCEIP == 200.0.0.0 -netmask 205 Flow Type.protocol.qualifier.operator.value.header Name Binding a Classic Policy 207 Configure Virtual Server dialog box, click the Policies tab Creating Named Classic Expressions 209 Citrix NetScaler Policy Configuration and Reference Guide Expression Prefix Descriptions Expressions ReferenceAdvanced Expressions Citrix NetScaler Policy Configuration and Reference Guide Appendix a Expressions Reference Operates on the Vlan through which the current Expression Prefixes for Text in Http Ignores spaces in the data. See the table Http Appendix a Expressions Reference 217 Obtains the Expires field of the cookie as a date Appendix a Expressions Reference 219 SERVER.INTERFACE.ID.EQLA/1 Appendix a Expressions Reference 221 VPNs, on Ignores spaces in the data. For an example, see Appendix a Expressions Reference 223 Expression Element Definition Classic ExpressionsOperators General Expressions Appendix a Expressions Reference 225 REQ.SSL REQ.SSL.CLIENT.CERT.ISSUERREQ.HTTP.URLQUERYLEN REQ.SSL.CLIENT.CERT Appendix a Expressions Reference 227 Actual Expression Definition Client Security ExpressionsExpression Element Expression Definition Network-Based ExpressionsAppendix a Expressions Reference 229 Time Date/Time ExpressionsFile System Expressions Date Appendix a Expressions Reference 231 Built-In Named Expressions General Appendix a Expressions Reference 233 Always returns a value of False Nstrue Nsurlpathbin NsfarclientNsmsexcel Nsmsie Nsmsppt Nsmsword Appendix a Expressions Reference 235 Built-InNamed Expressions Anti-VirusBuilt-InNamed Expressions Personal Firewall Any version of Norton Internet Security Built-InNamed Expressions Client SecurityExpression Definition Norton Internet Security Expression Type Sample Expressions Summary Examples of Advanced Expressions and PoliciesExamples of Advanced Expressions Http request based on the file Content-Type headerLook for a particular file type in an Extension Examples of Advanced Expressions and Policies Purpose Example Responder functionality To https// in all URLsThis policy uses Modify a URL to redirect Through unchanged Limit the numberCheck the client IP NS-Client header Remove old headers fromRequest and insert an Then modify the insert Request, insert anNS-Client header, Header action so that Citrix NetScaler Policy Configuration and Reference Guide Tutorial Examples of Advanced Policies for Rewrite Redirecting an External URL to an Internal URL Bind the policy globally Appendix C Redirecting a QueryRedirecting Http to Https 247 Removing Unwanted Headers 249 Reducing Web Server RedirectsMasking the Server Header Add rewrite policy polmask-server true actmask-server Tutorial Examples of Classic Policies Citrix NetScaler Policy Configuration and Reference Guide Appendix D Tutorial Examples of Classic Policies 253 REQ.HTTP.HEADER URL Contains string Application Firewall Policy to Protect Scripted Web Pages Appendix D Tutorial Examples of Classic Policies 255 DNS Policy to Drop Packets from Specific IPs SSL Policy to Require Valid Client Certificates Add dns policy polddosdrop Citrix NetScaler Policy Configuration and Reference Guide Migration of Apache modrewrite Rules to Advanced Policies Converting URL Variations into Canonical URLs Apache modrewrite solution for converting a URLNetScaler solution for converting a URL Converting Host Name Variations to Canonical Host Names Moving a Document Root Apache modrewrite solution for moving the document rootNetScaler solution for moving the document root Appendix E Moving Home Directories to a New Web Server Working with Structured Home Directories NetScaler solution for redirection if a URL is wrong method Apache modrewrite solution for structured home directoriesNetScaler solution for structured home directories Redirecting Invalid URLs to Other Web Servers NetScaler solution for rewriting a URL based on the time Rewriting a URL Based on Time 265 Redirecting to a New File Name Invisible to the UserRedirecting to New File Name User-Visible URL Accommodating Browser Dependent Content Apache modrewrite solution for browser-specific settings Blocking Access by Robots 267 Creating Extensionless Links Blocking Access to Inline ImagesNetScaler solution for blocking access to an inline image 269 NetScaler policy for adding a .php extension to all requests Apache modrewrite solution Redirecting a Working URI to a New Format NetScaler solution using pattern sets NetScaler solutionNetScaler solution using regular expressions Ensuring That a Secure Server Is Used for Selected Pages Bind patset pat1 page4 Bind patset pat1 page5 New Operators for Extracting and Evaluating Numeric Data New Advanced Expression Operators in This ReleaseOperators for Extracting and Evaluating Numeric Data Number.TYPECASTIPADDRESSAT Operators Operation Operators for Extracting and Evaluating TextNew Operators for Evaluating Text New Operators for Extracting and Evaluating Http data Operators for Extracting and Evaluating Http DataOperators for the Client and ipv6 Expression Prefixes Operators for Client and ipv6 Expression Prefixes XPath and Json Operators for Evaluating XML and Json Text XPath and Json Operators for Evaluating XML and Json DataOperators for Evaluating Groups to Which a User Belongs Operators for Evaluating Groups to Which a User Belongs Index Introduction to 224 migration to advanced Index 279 RES.VLANID CLIENT.ETHER.DSTMAC Index HTTP.RES.SETCOOKIE2.COOKIEname, i Omain 82 VPN.CLIENTLESSHOSTURL.HOSTNAME.E Authkeyid Citrix NetScaler Policy Configuration and Reference Guide Index Useinvocationresult VPN 65 Character 57 ? character Citrix NetScaler Policy Configuration and Reference Guide