- Action Analytics
-
AppExpert Applications and Templates
- How AppExpert application works
- Get started with AppExpert
-
Customize AppExpert Configuration
- Configure public endpoints
- Configure services and service groups for an application unit
- Create application units
- Configure application unit rules
- Configure policies for application units
- Configure application units
- Configure public endpoints for an application
- Specify the order of evaluation of application units
- Configure persistency groups for application units
- View AppExpert applications and configure entities by using application visualizer
- Configure user authentication
- Monitor Citrix ADC statistics
- Delete an AppExpert application
- Configure application authentication, authorization, and auditing
- Set up a custom Citrix ADC application
-
Creating and Managing Template Files
- Exporting an AppExpert Application to a Template File
- Exporting a Content Switching Virtual Server Configuration to a Template File
- Creating Variables in Application Templates
- Uploading and Downloading Template Files
- Understanding Citrix ADC Application Templates and Deployment Files
- Deleting a Template File
- Citrix Gateway Applications
- AppQoE
- Entity Templates
-
HTTP Callouts
- How an HTTP Callout Works
- Notes on the Format of HTTP Requests and Responses
- Configuring an HTTP Callout
- Verifying the Configuration
- Invoking an HTTP Callout
- Avoiding HTTP Callout Recursion
- Caching HTTP Callout Responses
- Use Case: Filtering Clients by Using an IP Blacklist
- Use Case: ESI Support for Fetching and Updating Content Dynamically
- Use Case: Access Control and Authentication
- Use Case: OWA-Based Spam Filtering
- Use Case: Dynamic Content Switching
- Pattern Sets and Data Sets
- Variables
-
Policies and Expressions
- Introduction to Policies and Expressions
-
Configuring Advanced Policy Infrastructure
- Rules for Names in Identifiers Used in Policies
- Creating or Modifying a Policy
- Policy Configuration Examples
- Binding Policies Using Advanced Policy
- Unbinding a Policy
- Creating Policy Labels
- Configuring a Policy Label or Virtual Server Policy Bank
- Invoking or Removing a Policy Label or Virtual Server Policy Bank
- Configuring and Binding Policies with the Policy Manager
-
Configuring Advanced Policy Expression: Getting Started
- Basic Elements of an Advanced Policy Expression
- Compound Advanced Policy Expressions
- Specifying the Character Set in Expressions
- Classic Expressions in Advanced Policy Expressions
- Configuring Advanced Policy Expressions in a Policy
- Configuring Named Advanced Policy Expressions
- Configuring Advanced Policy Expressions Outside the Context of a Policy
- Advanced Policy Expressions: Evaluating Text
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
- Format of Dates and Times in an Expression
- Expressions for the Citrix ADC System Time
- Expressions for SSL Certificate Dates
- Expressions for HTTP Request and Response Dates
- Generating the Day of the Week, as a String, in Short and Long Formats
- Expression Prefixes for Numeric Data Other Than Date and Time
- Converting Numbers to Text
- Virtual Server Based Expressions
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
- About Evaluating HTTP and TCP Payload
- Expressions for Identifying the Protocol in an Incoming IP Packet
- Expressions for HTTP and Cache-Control Headers
- Expressions for Extracting Segments of URLs
- Expressions for HTTP Status Codes and Numeric HTTP Payload Data Other Than Dates
- SIP Expressions
- Operations for HTTP, HTML, and XML Encoding and “Safe” Characters
- Expressions for TCP, UDP, and VLAN Data
- Expressions for Evaluating a DNS Message and Identifying Its Carrier Protocol
- XPath and HTML, XML, or JSON Expressions
- Encrypting and Decrypting XML Payloads
- Advanced Policy Expressions: Parsing SSL Certificates
- Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
- Advanced Policy Expressions: Stream Analytics Functions
- Advanced Policy Expressions: DataStream
- Typecasting Data
- Regular Expressions
- Configuring Classic Policies and Expressions
- Expressions Reference-Advanced Policy Expressions
- Expressions Reference-Classic Expressions
- Summary Examples of Default Syntax Expressions and Policies
- Tutorial Examples of Default Syntax Policies for Rewrite
- Tutorial Examples of Classic Policies
- Migration of Apache mod_rewrite Rules to the Default Syntax
-
Rate Limiting
- Configuring a Stream Selector
- Configuring a Traffic Rate Limit Identifier
- Configuring and Binding a Traffic Rate Policy
- Viewing the Traffic Rate
- Testing a Rate-Based Policy
- Examples of Rate-Based Policies
- Sample Use Cases for Rate-Based Policies
- Rate Limiting for Traffic Domains
- Configure rate limit at packet level
-
Responder
- Enabling the Responder Feature
- Configuring a Responder Action
- Configuring a Responder Policy
- Binding a Responder Policy
- Setting the Default Action for a Responder Policy
- Responder Action and Policy Examples
- Diameter Support for Responder
- RADIUS Support for Responder
- DNS Support for the Responder Feature
- Troubleshooting
-
Rewrite
- How Rewrite Works
- Enabling the Rewrite Feature
- Configuring a Rewrite Action
- Configuring a Rewrite Policy
- Binding a Rewrite Policy
- Configuring Rewrite Policy Labels
- Configuring the Default Rewrite Action
- Bypassing the Safety Check
-
Rewrite Action and Policy Examples
- Example 1: Delete Old X-Forwarded-For and Client-IP Headers
- Example 2: Adding a Local Client-IP Header
- Example 3: Tagging Secure and Insecure Connections
- Example 4: Mask the HTTP Server Type
- Example 5: Redirect an External URL to an Internal URL
- Example 6: Migrating Apache Rewrite Module Rules
- Example 7: Marketing Keyword Redirection
- Example 8: Redirect Queries to the Queried Server
- Example 9: Home Page Redirection
- Example 10: Policy-based RSA Encryption
- Example 11: policy-based RSA encryption with no padding
- URL Transformation
- RADIUS Support for the Rewrite Feature
- Diameter Support for Rewrite
- DNS Support for the Rewrite Feature
- String Maps
- URL Sets
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
Translation failed!
Sample Use Cases for Rate-Based Policies
January 23, 2019
| Contributed by:
The following scenarios describe two uses of rate-based policies in global server load balancing (GSLB):
- The first scenario describes the use of a rate-based policy that sends traffic to a new data center if the rate of DNS requests exceed 1000 per second.
- In the second scenario, if more than five DNS requests arrive for a local DNS (LDNS) client within a particular period, the additional requests are dropped.
Redirecting Traffic on the Basis of Traffic Rate
In this scenario, you configure a proximity-based load balancing method, and a rate-limiting policy that identifies DNS requests for a particular region. In the rate-limiting policy, you specify a threshold of 1000 DNS requests per second. A DNS policy applies the rate limiting policy to DNS requests for the region “Europe.GB.17.London.UK-East.ISP-UK.” In the DNS policy, DNS requests that exceed the rate limiting threshold, starting with request 1001 and continuing to the end of the one-second interval, are to be forwarded to the IP addresses that are associated with the region “North America.US.TX.Dallas.US-East.ISP-US.”
The following configuration demonstrates this scenario:
add stream selector DNSSelector1 client.udp.dns.domain
add ns limitIdentifier DNSLimitIdentifier1 -threshold 5 -timeSlice 1000 -selectorName DNSSelector1
add dns policy DNSLimitPolicy1 "client.ip.src.matches_location(\"Europe.GB.17.London.*.*\") &&
sys.check_limit(\"DNSLimitIdentifier1\")" -preferredLocation "North America.US.TX.Dallas.*.*"
bind dns global DNSLimitPolicy1 5
Dropping DNS Requests on the Basis of Traffic Rate
In the following example of global server load balancing, you configure a rate limiting policy that permits a maximum of five DNS requests in a particular interval, per domain, to be directed to an LDNS client for resolution. Any requests that exceed this rate are dropped. This type of policy can help protect the Citrix ADC from resource exploitation. For example, in this scenario, if the time to live (TTL) for a connection is five seconds, this policy prevents the LDNS from requerying a domain. Instead, it uses data that is cached on the Citrix ADC.
add stream selector LDNSSelector1 client.udp.dns.domain client.ip.src
add ns limitIdentifier LDNSLimitIdentifier1 -threshold 5 -timeSlice 1000 -selectorName LDNSSelector1
add dns policy LDNSPolicy1 "client.udp.dns.domain.contains(\".\") && sys.check_limit(\"LDNSLimitIdentifier1\")" -drop YES
bind dns global LDNSPolicy1 6
show gslb vserver gvip
gvip - HTTP State: UP
Last state change was at Mon Sep 8 11:50:48 2008 (+711 ms)
Time since last state change: 1 days, 02:55:08.830
Configured Method: STATICPROXIMITY
BackupMethod: ROUNDROBIN
No. of Bound Services : 3 (Total) 3 (Active)
Persistence: NONE Persistence ID: 100
Disable Primary Vserver on Down: DISABLED Site Persistence: NONE
Backup Session Timeout: 0
Empty Down Response: DISABLED
Multi IP Response: DISABLED Dynamic Weights: DISABLED
Cname Flag: DISABLED
Effective State Considered: NONE
1) site11_svc(10.100.00.00: 80)- HTTP State: UP Weight: 1
Dynamic Weight: 0 Cumulative Weight: 1
Effective State: UP
Threshold : BELOW
Location: Europe.GB.17.London.UK-East.ISP-UK
2) site12_svc(10.101.00.100: 80)- HTTP State: UP Weight: 1
Dynamic Weight: 0 Cumulative Weight: 1
Effective State: UP
Threshold : BELOW
Location: North America.US.TX.Dallas.US-East.ISP-US
3) site13_svc(10.102.00.200: 80)- HTTP State: UP Weight: 1
Dynamic Weight: 0 Cumulative Weight: 1
Effective State: UP
Threshold : BELOW
Location: North America.US.NJ.Salem.US-Mid.ISP-US
1) www.gslbindia.com TTL: 5 secn
Cookie Timeout: 0 min Site domain TTL: 3600 sec
Done
The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.
THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Support: https://www.citrix.com/support
Feedback and forums: https://discussions.citrix.com
Version