Use Case: Filtering clients by using an IP blacklist
HTTP callouts can be used to block requests from clients that are blacklisted by the administrator. The list of clients can be a publicly known blacklist, a blacklist that you maintain for your organization, or a combination of both.
The Citrix ADC appliance checks the IP address of the client against the pre-configured blacklist and blocks the transaction if the IP address has been blacklisted. If the IP address is not in the list, the appliance processes the transaction.
To implement this configuration, you must perform the following tasks:
- Enable responder on the Citrix ADC appliance.
- Create an HTTP callout on the Citrix ADC appliance and configure it with details about the external server and other required parameters.
- Configure a responder policy to analyze the response to the HTTP callout, and then bind the policy globally.
- Create an HTTP callout agent on the remote server.
Enabling responder
You must enable responder before you can use it.
To enable responder by using the GUI
- Make sure that you have installed the responder license.
- In the configuration utility, expand AppExpert, right-click Responder, and then click Enable Responder feature.
Creating an HTTP callout on the Citrix ADC appliance
Create an HTTP callout, HTTP_Callout, with the parameter settings shown in the following table. For more information about creating an HTTP callout, see Configuring an HTTP Callout.
Configuring a responder policy and binding it globally
After you configure the HTTP callout, verify the callout configuration, and then configure a responder policy to invoke the callout. While you can create a responder policy in the Policies sub-node and then bind it globally by using the Responder Policy Manager, this demonstration uses the Responder Policy Manager to create the responder policy and bind the policy globally.
To create a responder policy and bind it globally by usin
- Navigate to AppExpert > Responder.
- In the details pane, under Policy Manager, click Policy Manager.
- In the Responder Policy Manager dialog box, click Override Global.
- Click Insert Policy, and then, under Policy Name, click New Policy.
- In the Create Responder Policy dialog box, do the following:
  - In Name, type PolicyResponder1.
  - In Action, select RESET.
  - In Undefined-Result Action, select Global undefined-result action.
  - In Expression, type the following default syntax expression:
    "HTTP.REQ.HEADER("Request").EQ("Callout Request").NOT && SYS.HTTP_CALLOUT(HTTP_Callout).CONTAINS("IP Matched")"
  - Click Create, and then click Close.
- Click Apply Changes, and then click Close.
Creating an HTTP callout agent on the remote server
You must now create an HTTP callout agent on the remote callout server that will receive callout requests from the Citrix ADC appliance and respond appropriately. The HTTP callout agent is a script that is different for each deployment and must be written with the server specifications in mind, such as the type of database and the scripting language supported.
Following is a sample callout agent that verifies whether the given IP address is part of an IP blacklist. The agent is written in the Perl scripting language and uses a MySQL database.
The following CGI script checks for a given IP address on the callout server.
#!/usr/bin/perl -w
use strict;
use DBI();
use CGI qw(:standard);

print "Content-type: text/html\n\n";

# Take the client IP address from the request query
my $ip_to_check = param('cip');
# Where a MySQL database is running
my $dsn = 'DBI:mysql:BAD_CLIENT:localhost';
# Database username to connect with
my $db_user_name = 'dbuser';
# Database password to connect with
my $db_password = 'dbpassword';
# Connecting to the database
my $dbh = DBI->connect($dsn, $db_user_name, $db_password);
# Fetch every entry in the blacklist table
my $sth = $dbh->prepare(qq{ select * from bad_clnt });
$sth->execute();
while (my ($ip_in_database) = $sth->fetchrow_array()) {
    chomp($ip_in_database);
    # Check for IP match
    if ($ip_in_database eq $ip_to_check) {
        print "\n IP Matched\n";
        $sth->finish();
        exit;
    }
}
print "\n IP Failed\n";
$sth->finish();
exit;
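
The lookup that the agent performs, rewritten as an added Python example (not Citrix code and not part of the original page): it canonicalises the `cip` value before comparing, queries with a bound parameter instead of scanning every row, and rejects malformed input. The in-memory SQLite table and its `ip` column are constructed stand-ins for the page's MySQL `bad_clnt` table, and the function names are hypothetical.

```python
import ipaddress
import sqlite3
from urllib.parse import parse_qs


def make_db(addresses):
    """Constructed stand-in for the bad_clnt table (column name `ip` is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bad_clnt (ip TEXT PRIMARY KEY)")
    # Store the canonical text form so lookups are plain equality on an index.
    db.executemany("INSERT INTO bad_clnt VALUES (?)",
                   [(str(ipaddress.ip_address(a)),) for a in addresses])
    return db


def check_client(db, query_string):
    """Return (HTTP status, body) for a callout query such as 'cip=203.0.113.7'."""
    values = parse_qs(query_string).get("cip", [])
    if len(values) != 1:
        return 400, "Bad Request"  # missing or repeated cip parameter
    try:
        # Canonicalise so that equivalent spellings of an address compare equal.
        cip = str(ipaddress.ip_address(values[0].strip()))
    except ValueError:
        return 400, "Bad Request"  # not an IP address at all
    # Bound parameter; the database does the match instead of a row-by-row scan.
    row = db.execute("SELECT 1 FROM bad_clnt WHERE ip = ?", (cip,)).fetchone()
    # Same response bodies as the Perl agent, which the responder policy keys on.
    return 200, ("IP Matched" if row else "IP Failed")


if __name__ == "__main__":
    sample = make_db(["203.0.113.7", "2001:db8::1"])  # constructed addresses
    for qs in ("cip=203.0.113.7", "cip=2001:0DB8:0:0:0:0:0:1",
               "cip=198.51.100.9", "cip=not-an-ip"):
        print(qs, "->", check_client(sample, qs))
```

A 400 response carries no "IP Matched" text, so the CONTAINS("IP Matched") test in the responder expression is not satisfied for it; log those responses on the callout server, because they point to a malformed callout request rather than a clean lookup.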