Citrix Systems Network Router 9.2 User Manual
Citrix NetScaler Policy Configuration and Reference Guide
sys.http_callout(authCallout).contains("someText")
If the return type is NUM, the following expression is valid:
sys.http_callout(authCallout).gt(500)
The following example shows the use of SYS.HTTP_CALLOUT to retrieve a
source IP address and insert it in a header of an HTTP request. (Bold is used for
emphasis.)
set policy httpCallout extractSrcIPCallout -ipAddress 10.101.10.10 -port 80 -returnType text -hostExpr "\"10.101.10.10\"" -urlStemExpr "\"/mysite/index.html\"" -resultExpr 'server.ip.src'
add rewrite action insertSrcIPAction insert_http_header Name "sys.http_callout(extractSrcIPCallout)" -bypassSafetyCheck yes
add rewrite policy insertSrcIPPolicy "http.req.header(\"MyHeader\").exists" insertSrcIPAction
bind rewrite global insertSrcIPPolicy 100 END -type req_default
The following example shows the use of SYS.HTTP_CALLOUT to retrieve
notification regarding whether a client IP address is blocked from a server and
configure a “You are banned” message in the Responder. (Bold is used for
emphasis.)
add policy httpCallout blockedCalloutPolicy
set policy httpCallout blockedCalloutPolicy -returnType text -ipAddress 10.100.10.10 -port 80 -fullReqExpr '"GET /cgi-bin/is_ip_blocked?ip=" + client.ip.src + " HTTP/1.1\r\n" + "Host: my_server\r\n\r\n"' -resultExpr 'http.res.header("Result")'
add responder action blockedResponderAction respondwith '"HTTP/1.1 200 OK\r\nContent-Length: 17\r\n\r\nYour IP is banned"'
add responder policy blockedResponderPolicy "http.req.url.eq(\"/\") && sys.http_callout(blockedCalloutPolicy).eq(\"Blocked\")" blockedResponderAction
bind responder global blockedResponderPolicy 100 END -type res_override
Notes on Invoking a Callout
When invoking an HTTP callout in a policy or an action, be sure that the callout
invocation does not trigger additional callouts. For example, a policy should not
invoke an HTTP callout named MyCalloutPL if the policy expression contains
the URL /mycallout.pl. The following is an example:
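One way to check a configuration for the condition described in this note, as an added example that is not taken from the guide: the Python sketch below flags any policy whose rule both invokes a callout and mentions the URL path that callout requests. The sample configuration, the policy names loopPolicy and safePolicy, and the function names are constructed for illustration; the match is a text heuristic, so a negated URL test is flagged as well.

```python
import re
import shlex

# Constructed sample configuration (not from the guide). MyCalloutPL requests
# /mycallout.pl; loopPolicy also matches that URL, so the callout's own request
# would invoke the callout again. safePolicy does not mention the URL.
SAMPLE_CONFIG = r'''
add policy httpCallout MyCalloutPL
set policy httpCallout MyCalloutPL -ipAddress 10.100.10.10 -port 80 -returnType text -hostExpr "\"10.100.10.10\"" -urlStemExpr "\"/mycallout.pl\"" -resultExpr 'http.res.header("Result")'
add responder policy loopPolicy "http.req.url.contains(\"/mycallout.pl\") && sys.http_callout(MyCalloutPL).eq(\"Blocked\")" blockedResponderAction
add responder policy safePolicy "http.req.url.eq(\"/\") && sys.http_callout(MyCalloutPL).eq(\"Blocked\")" blockedResponderAction
'''

def callout_paths(config):
    """Map each HTTP callout name to the URL path its request is sent to."""
    paths = {}
    for line in config.splitlines():
        tok = shlex.split(line)
        head = [t.lower() for t in tok[:3]]
        if head not in (["add", "policy", "httpcallout"], ["set", "policy", "httpcallout"]):
            continue
        # Walk consecutive (flag, value) pairs after the callout name.
        for flag, value in zip(tok[4:], tok[5:]):
            if flag.lower() in ("-urlstemexpr", "-fullreqexpr"):
                m = re.search(r'/[^\s"?+]*', value)  # first path in the expression
                if m and len(m.group()) > 1:         # a bare "/" is too broad to match on
                    paths[tok[3]] = m.group()
    return paths

def self_triggering(config):
    """Return (policy, callout, path) where a rule names the callout's own path."""
    paths = callout_paths(config)
    findings = []
    for line in config.splitlines():
        tok = shlex.split(line)
        # Matches "add responder policy <name> <rule> ..." and "add rewrite policy ...".
        if len(tok) < 5 or tok[0].lower() != "add" or tok[2].lower() != "policy":
            continue
        name, rule = tok[3], tok[4]
        for callout in re.findall(r'sys\.http_callout\((\w+)\)', rule, re.I):
            path = paths.get(callout)
            if path and path.lower() in rule.lower():
                findings.append((name, callout, path))
    return findings

if __name__ == "__main__":
    for policy, callout, path in self_triggering(SAMPLE_CONFIG):
        print(f"{policy}: invokes {callout} and matches its URL {path}")
```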