- Action Analytics
-
AppExpert Applications and Templates
- How AppExpert application works
- Get started with AppExpert
-
Customize AppExpert Configuration
- Configure public endpoints
- Configure services and service groups for an application unit
- Create application units
- Configure application unit rules
- Configure policies for application units
- Configure application units
- Configure public endpoints for an application
- Specify the order of evaluation of application units
- Configure persistency groups for application units
- View AppExpert applications and configure entities by using application visualizer
- Configure user authentication
- Monitor Citrix ADC statistics
- Delete an AppExpert application
- Configure application authentication, authorization, and auditing
- Set up a custom Citrix ADC application
-
Creating and Managing Template Files
- Exporting an AppExpert Application to a Template File
- Exporting a Content Switching Virtual Server Configuration to a Template File
- Creating Variables in Application Templates
- Uploading and Downloading Template Files
- Understanding Citrix ADC Application Templates and Deployment Files
- Deleting a Template File
- Citrix Gateway Applications
- AppQoE
- Entity Templates
-
HTTP Callouts
- How an HTTP Callout Works
- Notes on the Format of HTTP Requests and Responses
- Configuring an HTTP Callout
- Verifying the Configuration
- Invoking an HTTP Callout
- Avoiding HTTP Callout Recursion
- Caching HTTP Callout Responses
- Use Case: Filtering Clients by Using an IP Blacklist
- Use Case: ESI Support for Fetching and Updating Content Dynamically
- Use Case: Access Control and Authentication
- Use Case: OWA-Based Spam Filtering
- Use Case: Dynamic Content Switching
- Pattern Sets and Data Sets
- Variables
-
Policies and Expressions
- Introduction to Policies and Expressions
-
Configuring Advanced Policy Infrastructure
- Rules for Names in Identifiers Used in Policies
- Creating or Modifying a Policy
- Policy Configuration Examples
- Binding Policies Using Advanced Policy
- Unbinding a Policy
- Creating Policy Labels
- Configuring a Policy Label or Virtual Server Policy Bank
- Invoking or Removing a Policy Label or Virtual Server Policy Bank
- Configuring and Binding Policies with the Policy Manager
-
Configuring Advanced Policy Expression: Getting Started
- Basic Elements of an Advanced Policy Expression
- Compound Advanced Policy Expressions
- Specifying the Character Set in Expressions
- Classic Expressions in Advanced Policy Expressions
- Configuring Advanced Policy Expressions in a Policy
- Configuring Named Advanced Policy Expressions
- Configuring Advanced Policy Expressions Outside the Context of a Policy
- Advanced Policy Expressions: Evaluating Text
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
- Format of Dates and Times in an Expression
- Expressions for the Citrix ADC System Time
- Expressions for SSL Certificate Dates
- Expressions for HTTP Request and Response Dates
- Generating the Day of the Week, as a String, in Short and Long Formats
- Expression Prefixes for Numeric Data Other Than Date and Time
- Converting Numbers to Text
- Virtual Server Based Expressions
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
- About Evaluating HTTP and TCP Payload
- Expressions for Identifying the Protocol in an Incoming IP Packet
- Expressions for HTTP and Cache-Control Headers
- Expressions for Extracting Segments of URLs
- Expressions for HTTP Status Codes and Numeric HTTP Payload Data Other Than Dates
- SIP Expressions
- Operations for HTTP, HTML, and XML Encoding and “Safe” Characters
- Expressions for TCP, UDP, and VLAN Data
- Expressions for Evaluating a DNS Message and Identifying Its Carrier Protocol
- XPath and HTML, XML, or JSON Expressions
- Encrypting and Decrypting XML Payloads
- Advanced Policy Expressions: Parsing SSL Certificates
- Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
- Advanced Policy Expressions: Stream Analytics Functions
- Advanced Policy Expressions: DataStream
- Typecasting Data
- Regular Expressions
- Configuring Classic Policies and Expressions
- Expressions Reference-Advanced Policy Expressions
- Expressions Reference-Classic Expressions
- Summary Examples of Default Syntax Expressions and Policies
- Tutorial Examples of Default Syntax Policies for Rewrite
- Tutorial Examples of Classic Policies
- Migration of Apache mod_rewrite Rules to the Default Syntax
-
Rate Limiting
- Configuring a Stream Selector
- Configuring a Traffic Rate Limit Identifier
- Configuring and Binding a Traffic Rate Policy
- Viewing the Traffic Rate
- Testing a Rate-Based Policy
- Examples of Rate-Based Policies
- Sample Use Cases for Rate-Based Policies
- Rate Limiting for Traffic Domains
- Configure rate limit at packet level
-
Responder
- Enabling the Responder Feature
- Configuring a Responder Action
- Configuring a Responder Policy
- Binding a Responder Policy
- Setting the Default Action for a Responder Policy
- Responder Action and Policy Examples
- Diameter Support for Responder
- RADIUS Support for Responder
- DNS Support for the Responder Feature
- Troubleshooting
-
Rewrite
- How Rewrite Works
- Enabling the Rewrite Feature
- Configuring a Rewrite Action
- Configuring a Rewrite Policy
- Binding a Rewrite Policy
- Configuring Rewrite Policy Labels
- Configuring the Default Rewrite Action
- Bypassing the Safety Check
-
Rewrite Action and Policy Examples
- Example 1: Delete Old X-Forwarded-For and Client-IP Headers
- Example 2: Adding a Local Client-IP Header
- Example 3: Tagging Secure and Insecure Connections
- Example 4: Mask the HTTP Server Type
- Example 5: Redirect an External URL to an Internal URL
- Example 6: Migrating Apache Rewrite Module Rules
- Example 7: Marketing Keyword Redirection
- Example 8: Redirect Queries to the Queried Server
- Example 9: Home Page Redirection
- Example 10: Policy-based RSA Encryption
- Example 11: policy-based RSA encryption with no padding
- URL Transformation
- RADIUS Support for the Rewrite Feature
- Diameter Support for Rewrite
- DNS Support for the Rewrite Feature
- String Maps
- URL Sets
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
Translation failed!
DNS Support for the Rewrite Feature
You can configure the rewrite feature to modify DNS requests and responses, as you would for HTTP or TCP requests and responses. You can use rewrite to manage the flow of DNS requests, and make necessary modifications in the header, or in the answer section. For example, if the DNS response does not have the AA bit set in the header flag, you can use rewrite to set the AA bit in the DNS response and send it to the client.
DNS Expressions
In a rewrite configuration, you can use the following Citrix ADC expressions to refer to various portions of a DNS request or response:
See Expressions and Descriptions
DNS Bind Points
The following global bind points are available for policies that contain DNS expressions.
| Bind Points | Description |
|---|---|
| DNS_REQ_OVERRIDE | Override request policy queue. |
| DNS_REQ_DEFAULT | Standard request policy queue. |
| DNS_RES_OVERRIDE | Override response policy queue. |
| DNS_RES_DEFAULT | Standard response policy queue. |
In addition to the default bind points, you can create policy labels of type DNS_REQ or DNS_RES and bind DNS policies to them.
Rewrite Action Types for DNS
- replace_dns_answer_section—This action replaces the DNS answers section with the defined expression in the DNS policy.
- replace_dns_header_field—Checks the opcode type in the DNS request. Returns True or False, indicating whether the opcode type in the DNS request matches the specified opcode type. This action replaces the DNS header section with the defined expression in the DNS policy.
Configuring Rewrite Policies for DNS
The following procedure uses the Citrix ADC command line to configure a rewrite action and policy and bind the policy to a rewrite-specific global bind point.
Configure Rewrite action and policy, and bind the policy for DNS
At the command prompt, type the following commands:
-
add rewrite action <actName> <actType>
For <actname>, substitute a name for your new action. The name can be 1 to 127 characters in length, and can contain letters, numbers, hyphen (-), and underscore (_) symbols. For <actType>, specify the rewrite action types provided for DNS expressions.
-
add rewrite policy <polName> <rule> <actName>
For <polname>, substitute a name for your new policy. For <actname>, the name can be 1 to 127 characters in length, and can contain letters, numbers, hyphen (-), and underscore (_) symbols. For <actname>, substitute the name of the action that you just created.
-
bind rewrite global <polName> <priority> < gotoPriorityExpression> -type <bindPoint>
For <polName>, substitute the name of the policy that you just created. For <priority>, specify the priority of the policy. For <bindPoint>, substitute one of the rewrite -specific global bind points.
Example:
Set the AA bit of DNS request to load balance virtual server.
The following commands configure the Citrix ADC appliance to act as an authoritative DNS server for all the queries that it serves.
add rewrite action set_aa replace_dns_header_field dns.req.header.flags.set(aa)
add rewrite policy pol !dns.req.header.flags.is_set(aa) set_aa
bind rewrite global pol 100 -type dns_res_override
Modify the response answer and header section.
If the server responds with an NX domain, you can set the rewrite action to replace the response with specified IP address. A NOPOLICY-REWRITE enables you to invoke an enternal bank without processing an expression (a rule). This entry is a dummy policy that does not contain a rule but directs the entry to a policy label or virtual server specific policy banks.
add rewrite action set_aa_res replace_dns_header_field "dns.res.header.flags.set(aa)"
add rewrite action modify_nxdomain_res replace_dns_answer_section "dns.new_rrset_a(\"10.102.218.160\",300)"
add rewrite policy set_res_aa true set_aa_res
add add rewrite policy modify_answer "dns.RES.HEADER.RCODE.EQ(nxdomain) && dns.RES.QUESTION.TYPE.EQ(A)"
modify_nxdomain_res
add rewrite policylabel MODIFY_NODATA dns_res
bind rewrite policylabel MODIFY_NODATA modify_answer 10 END
bind rewrite policylabel MODIFY_NODATA set_res_aa 11 END
bind lb vserver v1 -policyName NOPOLICY-REWRITE -priority 11 -gotoPriorityExpression END -type
RESPONSE -invoke policylabel MODIFY_NODATA
Limitations:
- Rewrite policies are evaluated only if the Citrix ADC appliance is configured as a DNS proxy server and there is a cache miss.
- If the Recursion Available (RA) flag in the header is set to YES, the RA flag will not be modified in the rewrites.
- If the RA flag in the header is set to YES, the CD flag in the header is modified regardless of any rewrite action.