ADC

Compound advanced policy expressions

You can configure an Advanced policy expression that contains Boolean or arithmetic operators and multiple atomic operations. The following compound expression contains a boolean AND:

http.req.hostname.eq("mycompany.com") && http.req.method.eq(post)

The following expression adds the value of two targets, and compares the result to a third value:

http.req.url.length + http.req.cookie.length \<= 500

A compound expression can contain any number of logical and arithmetic operators. The following expression evaluates the length of an HTTP request on the basis of its URL and cookie, evaluates text in the header, and performs a Boolean AND on these two results:

http.req.url.length + http.req.cookie.length \<= 500 && http.req.header.contains("some text")

You can use parentheses to control the order of evaluation in a compound expression.

Booleans in compound expressions

You configure compound expressions with the following operators:

  • &&.

    This operator is a logical AND. For the expression to evaluate to TRUE, all components that are joined by the And must evaluate to TRUE. Following is an example:

    http.req.url.hostname.eq(“myHost”) && http.req.header(“myHeader”).exists

  • This operator is a logical OR. If any component of the expression that is joined by the OR evaluates to TRUE, the entire expression is TRUE.

  • !.

    Performs a logical NOT on the expression.

In some cases, the Citrix ADC configuration utility offers AND, NOT, and OR operators in the Add Expression dialog box. However, these are of limited use. Citrix recommends that you use the operators &&,

Parentheses in compound expressions

You can use parentheses to control the order of evaluation of an expression. The following is an example:

http.req.url.contains("myCompany.com") || (http.req.url.hostname.eq("myHost") && http.req.header("myHeader").exists)

The following is another example:

(http.req.header("Content-Type").exists && http.req.header("Content-Type").eq("text/html")) || (http.req.header("Transfer-Encoding").exists || http.req.header("Content-Length").exists)

Compound operations for strings

The following table describes operators that you can use to configure compound operations on string data.

Operations that produce a string value Description
str + str Concatenates the value of the expression on the left of the operator with the value on the right. Following is an example: http.req.hostname + http.req.url.protocol
str + num Concatenates the value of the expression on the left of the operator with a numeric value on the right. Following is an example: http.req.hostname + http.req.url.content_length
num + str Concatenates the numeric value of the expression on the left side of the operator with a string value on the right. Following is an example: http.req.url.content_length + http.req.url.hostname
str + ip Concatenates the string value of the expression on the left side of the operator with an IP address value on the right. Following is an example: http.req.hostname + 10.00.000.00
ip + str Concatenates the IP address value of the expression on the left of the operator with a string value on the right.Following is an example: client.ip.dst + http.req.url.hostname
str1 ALT str2 Uses string2 if the evaluation of string1 results in an undef exception or the result is a null string; otherwise uses string1 and never evaluates string2. Example:http.req.hostname alt client.ip.src
Operations on strings that produce a result of TRUE or FALSE Description
str == str Evaluates whether the strings on either side of the operator are the same. Following is an example: http.req.header(“myheader”) == http.res.header(“myheader”)
str <= str Evaluates whether the string on the left side of the operator is the same as the string on the right, or precedes it alphabetically.
str >= str Evaluates whether the string on the left side of the operator is the same as the string on the right, or follows it alphabetically.
str < str Evaluates whether the string on the left side of the operator precedes the string on the right alphabetically.
str > str Evaluates whether the string on the left side of the operator follows the string on the right alphabetically.
str !!= str Evaluates whether the strings on either side of the operator are different.
Logical operations on strings Description  
bool && bool This operator is a logical AND. When evaluating the components of the compound expression, all components that are joined by the AND must evaluate to TRUE. Following is an example: http.req.method.eq(GET) && http.req.url.query.contains(“viewReport && my_pagelabel”)  
bool || bool This operator is a logical OR. When evaluating the components of the compound expression, if any component of the expression that is joined by the OR evaluates to TRUE, the entire expression is TRUE. Following is an example: http.req.url.contains(“.js”)
bool Performs a logical NOT on the expression.  

Compound operations for numbers

You can configure compound numeric expressions. For example, the following expression returns a numeric value that is the sum of an HTTP header length and a URL length:

http.req.header.length + http.req.url.length

The following tables describes operators that you can use to configure compound expressions for numeric data.

Arithmetic operations on numbers Description    
num + num Add the value of the expression on the left of the operator to the value of the expression on the right. Following is an example: http.req.content_length + http.req.url.length    
num – num Subtract the value of the expression on the right of the operator from the value of the expression on the left.    
num x num Multiply the value of the expression on the left of the operator with the value of the expression on the right. Following is an example: client.interface.rxthroughput * 9    
num / num Divide the value of the expression on the left of the operator by the value of the expression on the right.    
num % num Calculate the modulo, or the numeric remainder on a division of the value of the expression on the left of the operator by the value of the expression on the right. For example, the values “15 mod 4” equals 3, and “12 mod 4” equals 0.    
~number Returns a number after applying a bitwise logical negation of the number. The following example assumes that numeric.expression returns 12 (binary 1100): ~numeric.expression. The result of applying the ~ operator is -11 (a binary 1110011, 32 bits total with all ones to the left). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.    
number ^ number Compares two bit patterns of equal length and performs an XOR operation on each pair of corresponding bits in each number argument, returning 1 if the bits are different, and 0 if they are the same. Returns a number after applying a bitwise XOR to the integer argument and the current number value. If the values in the bitwise comparison are the same, the returned value is a 0. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1 ^ numeric.expression2The result of applying the ^ operator to the entire expression is 6 (binary 0110). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.    
number | number Returns a number after applying a bitwise OR to the number values. If either value in the bitwise comparison is a 1, the returned value is a 1. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1 numeric.expression2The result of applying the operator to the entire expression is 14 (binary 1110). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.
number & number Compares two bit patterns of equal length and performs a bitwise AND operation on each pair of corresponding bits, returning 1 if both of the bits contains a value of 1, and 0 if either bits are 0. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 10 (binary 1010): numeric.expression1 & numeric.expression2 The whole expression evaluates to 8 (binary 1000). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.    
num « num Returns a number after a bitwise left shift of the number value by the right-side number argument number of bits. Note that the number of bits shifted is integer modulo 32. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 3: numeric.expression1 « numeric.expression2 The result of applying the LSHIFT operator is 96 (a binary 1100000).Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.    
num » num Returns a number after a bitwise right shift of the number value by the integer argument number of bits. Note that the number of bits shifted is integer modulo 32. The following example assumes that numeric.expression1 returns 12 (binary 1100) and numeric.expression2 returns 3: numeric.expression1 » numeric.expression2 The result of applying the RSHIFT operator is 1 (a binary 0001). Note that all returned values of less than 32 bits before applying the operator implicitly have zeros to the left to make them 32 bits wide.    
Numeric operators that produce a result of TRUE or FALSE Description
num == num Determine if the value of the expression on the left of the operator is equal to the value of the expression on the right.
num != num Determine if the value of the expression on the left of the operator is not equal to the value of the expression on the right.
num > num Determine if the value of the expression on the left of the operator is greater than the value of the expression on the right.
num < num Determine if the value of the expression on the left of the operator is less than the value of the expression on the right.
num >= num Determine if the value of the expression on the left of the operator is greater than or equal to the value of the expression on the right.
num <= num Determine if the value of the expression on the left of the operator is less than or equal to the value of the expression on the right

Functions for data types in the policy infrastructure

The Citrix ADC policy infrastructure supports the following numeric data types:

  • Integer (32 bits)
  • Unsigned long (64 bits)
  • Double (64 bits)

Simple expressions can return all of these data types. Therefore, you can create compound expressions that use arithmetic operators and logical operators to evaluate or return values of these data types. Additionally, you can use all of these values in policy expressions. Literal constants of type unsigned long can be specified by appending the string ul to the number. Literal constants of type double contain a period (.), an exponent, or both.

Arithmetic Operators, Logical Operators, and Type Promotion

In compound expressions, the following standard arithmetic and logical operators can be used for the double and unsigned long data types:

  • +, -, *, and /
  • %, ~, ^, &, , «, and » (do not apply to double)
  • ==, !=, >, <, >=, and <=

All of these operators have the same meaning as in the C programming language.

In all cases of mixed operations between operands of type integer, unsigned long, and double, type promotion is performed so that the operation can be performed on operands of the same type. A type of lower precedence is automatically promoted to the type of the operand with the highest precedence involved in the operation. The order of precedence (higher to lower) is as follows:

  • Double
  • Unsigned long
  • Integer

Therefore, an operation that returns a numeric result returns a result of the highest type involved in the operation.

For example, if the operands are of type integer and unsigned long, the integer operand is automatically converted to type unsigned long. This type conversion is performed even in simple expressions in which the type of data identified by the expression prefix does not match the type of data that is passed as the argument to the function. To illustrate such an example, in the operation HTTP.REQ.CONTENT_LENGTH.DIV(3ul), the integer returned by the prefix HTTP.REQ.CONTENT_LENGTH is automatically converted to unsigned long (the type of the data passed as the argument to the DIV() function), and an unsigned long division is performed. Similarly, the argument can be promoted in an expression. For example, HTTP.REQ.HEADER(“myHeader”).TYPECAST_DOUBLE_AT.DIV(5) promotes the integer 5 to type double and performs double-precision division.

For information about expressions for casting data of one type to data of another type, see Typecasting data.

Compound advanced policy expressions