Citrix Systems Network Router 9.2 User Manual

Citrix NetScaler Policy Configuration and Reference Guide
You read the expression from left to right. The leftmost term is either REQ, 
designating a request, or RES, designating a response. Successive terms define a 
specific type of connection and specific attribute of that connection type. Each 
term is separated from any preceding or following terms with a period. 
Arguments appear in parentheses following the term to which they apply.
In the example, the IP parameter identifies an IP address in the request. Finally, 
the term SOURCEIP designates the source IP address rather than the destination 
IP address.
This expression fragment may not be useful by itself. You can extend an 
expression to determine whether the returned value meets specific criteria. The 
following expression tests whether the client source IP is in the subnet 
200.0.0.0/8, and returns a Boolean TRUE value if the client IP is located 
within the designated network:
REQ.IP.SOURCEIP == 200.0.0.0 -netmask 255.0.0.0
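As an added example (not from the Citrix guide), the following Python script parses the exact expression form shown above and reports which client addresses it would return TRUE for, so the scope of a policy can be checked offline before it is bound. It assumes an ordinary masked comparison and treats a non-contiguous netmask as an error; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Covers only the form shown on this page:
#   REQ.IP.SOURCEIP == <address> -netmask <mask>
EXPR_RE = re.compile(
    r"^\s*REQ\.IP\.SOURCEIP\s*==\s*(\S+)\s+-netmask\s+(\S+)\s*$"
)


def parse_classic_ip_expr(expr):
    """Return (network_int, mask_int) for the expression, or raise ValueError."""
    m = EXPR_RE.match(expr)
    if not m:
        raise ValueError("unsupported expression: %r" % expr)
    addr_int = int(ipaddress.IPv4Address(m.group(1)))
    mask_int = int(ipaddress.IPv4Address(m.group(2)))
    # A contiguous mask inverts to 2**k - 1; anything else (for example
    # 255.0.255.0) is almost always a typo that silently widens the match.
    inverted = mask_int ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous netmask: %s" % m.group(2))
    # Assumption: host bits set in the written address are masked off.
    return addr_int & mask_int, mask_int


def matches(expr, client_ip):
    """True if client_ip falls inside the network the expression names."""
    net, mask = parse_classic_ip_expr(expr)
    return (int(ipaddress.IPv4Address(client_ip)) & mask) == net


def audit(expr, client_ips):
    """Map each candidate source address to the expression's result."""
    return {ip: matches(expr, ip) for ip in client_ips}


PAGE_EXPR = "REQ.IP.SOURCEIP == 200.0.0.0 -netmask 255.0.0.0"
# Constructed sample addresses on and around the 200.0.0.0/8 boundary.
SAMPLE_CLIENTS = ["200.0.0.1", "200.255.255.254", "199.255.255.255",
                  "201.0.0.0", "20.0.0.0"]

if __name__ == "__main__":
    for ip, hit in audit(PAGE_EXPR, SAMPLE_CLIENTS).items():
        print("%-16s %s" % (ip, "TRUE" if hit else "FALSE"))
```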
To configure an expression in a classic policy using the configuration utility
1. To create a new expression, in the Create Policy dialog box you typically 
   click Add. Note that for Content Switching policies, you click Configure 
   to view the expression configuration dialog box.
2. In the Add Expression dialog box, under Flow Type, choose a flow type.
   The flow type is typically REQ or RES. The REQ option specifies that the 
   policy will apply to all incoming connections, or requests. The RES option 
   applies the policy to all outgoing connections, or responses. 
   For Application Firewall policies, you should leave the expression type set 
   to General Expression, and the flow type set to REQ. The Application 
   Firewall treats each request and response as a single paired entity, so all 
   Application Firewall policies begin with REQ.
3. Under Protocol, click the down arrow and choose the protocol you want for 
   your policy expression. Your choices are:
      HTTP. Evaluates HTTP requests that are sent to a Web server. In 
      classic expressions, HTTP includes HTTPS requests, as well. 
      SSL. Evaluates SSL data associated with the current connection.
      TCP. Evaluates the TCP data associated with the current connection.
      IP. Evaluates the IP addresses associated with the current connection.
4. In the Qualifier list box, choose a qualifier for your policy.
   The qualifier defines the type of data to be evaluated. The list of qualifiers 
   that appears depends on which protocol you selected in the previous step. 
   The following list describes the qualifier choices for the HTTP protocol.