ADC

Expressions reference-classic expressions

Warning

Classic policy expressions are no longer supported from Citrix ADC 12.0 build 56.20 onwards and as an alternative, Citrix recommends you to use Advanced policies. For more information, see Advanced Policies

The subtopics listed in the table of contents on the left side of your screen contain tables listing the Citrix ADC classic expressions.

In the table of operators, the result type of each operator is shown at the beginning of the description. In the other tables, the level of each expression is shown at the beginning of the description. For named expressions, each expression is shown as a whole.

Operators

Expression Element Definition
== Boolean. Returns TRUE if the current expression equals the argument. For text operations, the items being compared must exactly match one another. For numeric operations, the items must evaluate to the same number.
!= Boolean. Returns TRUE if the current expression does not equal the argument. For text operations, the items being compared must not exactly match one another. For numeric operations, the items must not evaluate to the same number.
CONTAINS Boolean. Returns TRUE if the current expression contains the string that is designated in the argument.
NOTCONTAINS Boolean. Returns TRUE if the current expression does not contain the string that is designated in the argument.
CONTENTS Text. Returns the contents of the current expression.
EXISTS Boolean. Returns TRUE if the item designated by the current expression exists.
NOTEXISTS Boolean. Returns TRUE if the item designated by the current expression does not exist.
Boolean. Returns TRUE if the current expression evaluates to a number that is greater than the argument.
< Boolean. Returns TRUE if the current expression evaluates to a number that is less than the argument.

=

Boolean. Returns TRUE if the current expression evaluates to a number that is greater than or equal to the argument.
<= Boolean. Returns TRUE if the current expression evaluates to a number that is less than or equal to the argument.

General expressions

Expression Element Definition
REQ Flow Type. Operates on incoming (or request) packets.
REQ.HTTP Protocol. Operates on HTTP requests.
REQ.HTTP.METHOD Qualifier. Designates the HTTP method.
REQ.HTTP.URL Qualifier. Designates the URL.
REQ.HTTP.URLTOKENS Qualifier. Designates the URL token.
REQ.HTTP.VERSION Qualifier. Designates the HTTP version.
REQ.HTTP.HEADER Qualifier. Designates the HTTP header.
REQ.HTTP.URLLEN Qualifier. Designates the number of characters in the URL.
REQ.HTTP.URLQUERY Qualifier. Designates the query portion of the URL.
REQ.HTTP.URLQUERYLEN Qualifier. Designates the length of the query portion of the URL.
REQ.SSL Protocol. Operates on SSL requests.
REQ.SSL.CLIENT.CERT Qualifier. Designates the entire client certificate.
REQ.SSL.CLIENT.CERT.SUBJECT Qualifier. Designates the client certificate subject.
REQ.SSL.CLIENT.CERT.ISSUER Qualifier. Designates the issuer of the client certificate.
REQ.SSL.CLIENT.CERT.SIGALGO Qualifier. Designates the validation algorithm used by the client certificate.
REQ.SSL.CLIENT.CERT.VERSION Qualifier. Designates the client certificate version.
REQ.SSL.CLIENT.CERT.VALIDFROM Qualifier. Designates the date before which the client certificate is not valid.
REQ.SSL.CLIENT.CERT.VALIDTO Qualifier. Designates the date after which the client certificate is not valid.
REQ.SSL.CLIENT.CERT.SERIALNUMBER Qualifier. Designates the serial number of the client certificate.
REQ.SSL.CLIENT.CIPHER.TYPE Qualifier. Designates the encryption protocol used by the client.
REQ.SSL.CLIENT.CIPHER.BITS Qualifier. Designates the number of bits used by the client’s SSL key.
REQ.SSL.CLIENT.SSL.VERSION Qualifier. Designates the SSL version that the client is using.
REQ.TCP Protocol. Operates on incoming TCP packets.
REQ.TCP.SOURCEPORT Qualifier. Designates the source port of the incoming packet.
REQ.TCP.DESTPORT Qualifier. Designates the destination port of the incoming packet.
REQ.IP Protocol. Operates on incoming IP packets.
REQ.IP.SOURCEIP Qualifier. Designates the source IP of the incoming packet.
REQ.IP.DESTIP Qualifier.Designates the destination IP of the incoming packet.
RES Flow Type. Operates on outgoing (or response) packets.
RES.HTTP Protocol. Operates on HTTP responses.
RES.HTTP.VERSION Qualifier. Designates the HTTP version.
RES.HTTP.HEADER Qualifier. Designates the HTTP header.
RES.HTTP.STATUSCODE Qualifier. Designates the status code of the HTTP response.
RES.TCP Protocol. Operates on incoming TCP packets.
RES.TCP.SOURCEPORT Qualifier. Designates the source port of the outgoing packet.
RES.TCP.DESTPORT Qualifier. Designates the destination port of the outgoing packet.
RES.IP Protocol. Operates on outgoing IP packets.
RES.IP.SOURCEIP Qualifier. Designates the source IP of the outgoing packet. This can be in IPv4 or IPv6 format. For example: add expr exp3 “sourceip == 10.102.32.123 –netmask 255.255.255.0 && destip == 2001::23/120”.
RES.IP.DESTIP Qualifier. Designates the destination IP of the outgoing packet.

Client security expressions

The expressions to configure client settings on the Access Gateway with the following software:

  • Antivirus
  • Personal firewall
  • Antispam
  • Internet Security

For example usage, see http://support.citrix.com/article/CTX112599.

Actual Expression Definition
CLIENT.APPLICATION.AV(.VERSION == ) Checks whether the client is running the designated anti-virus program and version.
CLIENT.APPLICATION.AV(.VERSION != ) Checks whether the client is not running the designated anti-virus program and version.
CLIENT.APPLICATION.PF(.VERSION == ) Checks whether the client is running the designated personal firewall program and version.
CLIENT.APPLICATION.PF(.VERSION != ) Checks whether the client is not running the designated personal firewall program and version.
CLIENT.APPLICATION.IS(.VERSION == ) Checks whether the client is running the designated internet security program and version.
CLIENT.APPLICATION.IS(.VERSION != ) Checks whether the client is not running the designated internet security program and version.
CLIENT.APPLICATION.AS(.VERSION == ) Checks whether the client is running the designated anti-spam program and version.
CLIENT.APPLICATION.AS(.VERSION != ) Checks whether the client is not running the designated anti-spam program and version.

Network-based expressions

Expression Definition
REQ Flow Type. Operates on incoming, or request, packets.
REQ.VLANID Qualifier. Operates on the virtual LAN (VLAN) ID.
REQ.INTERFACE.ID Qualifier. Operates on the ID of the designated Citrix ADC interface.
REQ.INTERFACE.RXTHROUGHPUT Qualifier. Operates on the raw received packet throughput of the designated Citrix ADC interface.
REQ.INTERFACE.TXTHROUGHPUT Qualifier. Operates on the raw transmitted packet throughput of the designated Citrix ADC interface.
REQ.INTERFACE.RXTXTHROUGHPUT Qualifier. Operates on the raw received and transmitted packet throughput of the designated Citrix ADC interface.
REQ.ETHER.SOURCEMAC Qualifier. Operates on the source MAC address.
REQ.ETHER.DESTMAC Qualifier. Operates on the destination MAC address.
RES Flow Type. Operates on outgoing (or response) packets.
RES.VLANID Qualifier. Operates on the virtual LAN (VLAN) ID.
RES.INTERFACE.ID Qualifier. Operates on the ID of the designated Citrix ADC interface.
RES.INTERFACE.RXTHROUGHPUT Qualifier. Operates on the raw received packet throughput of the designated Citrix ADC interface.
RES.INTERFACE.TXTHROUGHPUT Qualifier. Operates on the raw transmitted packet throughput of the designated Citrix ADC interface.
RES.INTERFACE.RXTXTHROUGHPUT Qualifier. Operates on the raw received and transmitted packet throughput of the designated Citrix ADC interface.
RES.ETHER.SOURCEMAC Qualifier. Operates on the source MAC address.
RES.ETHER.DESTMAC Qualifier. Operates on the destination MAC address.

Date/time expressions

Expression Definition
TIME Qualifier. Operates on the date and time of day, GMT.
DATE Qualifier. Operates on the date, GMT.
DAYOFWEEK Operates on the specified day in the week, GMT.

File system expressions

You can specify file system expressions in authorization policies for users and groups who access file sharing through the Citrix Gateway file transfer utility (the VPN portal). These expressions work with the Citrix Gateway file transfer authorization feature to control user access to file servers, folders, and files. For example, you can use these expressions in authorization policies to control access based on file type and size.

For more information, refer to the File Name Expression pdf.

Note: File system expressions do not support regular expressions.

Built-in named expressions (General)

Expression Definition
ns_all_apps_ncomp Tests for connections with destination ports between 0 and 65535. In other words, tests for all applications.
ns_cachecontrol_nocache Tests for connections with an HTTP Cache-Control header that contains the value “no-cache”.
ns_cachecontrol_nostore Tests for connections with an HTTP Cache-Control header that contains the value “no-store”.
ns_cmpclient Tests the client to determine if it accepts compressed content.
ns_content_type Tests for connections with an HTTP Content-Type header that contains “text”.
ns_css Tests for connections with an HTTP Content-Type header that contains “text/css”.
ns_ext_asp Tests for HTTP connections to any URL that contains the string .asp—in other words, any connection to an active server page (ASP).
ns_ext_cfm Tests for HTTP connections to any URL that contains the string .cfm
ns_ext_cgi Tests for HTTP connections to any URL that contains the string .cgi—in other words, any connection to a common gateway interface (CGI) script.
ns_ext_ex Tests for HTTP connections to any URL that contains the string .ex
ns_ext_exe Tests for HTTP connections to any URL that contains the string .exe—in other words, any connection to a executable file.
ns_ext_htx Tests for HTTP connections to any URL that contains the string .htx
ns_ext_not_gif Tests for HTTP connections to any URL that does not contain the string .gif—in other words, any connection to a URL that is not a GIF image.
ns_ext_not_jpeg Tests for HTTP connections to any URL that does not contain the string .jpeg—in other words, any connection to a URL that is not a JPEG image.
ns_ext_shtml Tests for HTTP connections to any URL that contains the string .shtml—in other words, any connection to a server-parsed HTML page.
ns_false Always returns a value of FALSE.
ns_farclient Client is in a different geographical region from the Citrix ADC, as determined by the geographical region in the client’s IP address. The following regions are predefined: 192.0.0.0 – 193.255.255.255: Multi-regional, 194.0.0.0 – 195.255.255.255: European Union, 196.0.0.0 – 197.255.255.255: Other1, 198.0.0.0 – , 199.255.255.255: North America, 200.0.0.0 – 201.255.255.255: Central and South America, 202.0.0.0 – 203.255.255.255: Pacific Rim, 204.0.0.0 – 205.255.255.255: Other2, and 206.0.0.0 – 207.255.255.255: Other3
ns_header_cookie Tests for HTTP connections that contain a Cookie header.
ns_header_pragma Tests for HTTP connections that contain a Pragma: no-cache header.
ns_mozilla_47 Tests for HTTP connections whose User-Agent header contains the string Mozilla/4.7—in other words, any connection from a client using the Mozilla 4.7 Web browser.
ns_msexcel Tests for HTTP connections whose Content-Type header contains the string application/vnd.msexcel—in other words, any connection transmitting a Microsoft Excel spreadsheet.
ns_msie Tests for HTTP connections whose User-Agent header contains the string MSIE—in other words, any connection from a client using any version of the Internet Explorer Web browser.
ns_msppt Tests for HTTP connections whose Content-Type header contains the string application/vnd.ms-powerpoint—in other words, any connection transmitting a Microsoft PowerPoint file.
ns_msword Tests for HTTP connections whose Content-Type header contains the string application/vnd.msword—in other words, any connection transmitting a Microsoft Word file.
ns_non_get Tests for HTTP connections that use any HTTP method except for GET.
ns_slowclient Returns TRUE if the average round trip time between the client and the Citrix ADC is more than 80 milliseconds.
ns_true Returns TRUE for all traffic.
ns_url_path_bin Tests the URL path to see if it points to the /bin/ directory.
ns_url_path_cgibin Tests the URL path to see if it points to the CGI-BIN directory.
ns_url_path_exec Tests the URL path to see if it points to the /exec/directory.
ns_url_tokens Tests for the presence of URL tokens.
ns_xmldata Tests for the presence of XML data.

Built-in named expressions (Anti-Virus)

Expression Definition
McAfee Virus Scan 11 Tests to determine whether the client is running the latest version of McAfee VirusScan.
McAfee Antivirus Tests to determine whether the client is running any version of McAfee Antivirus.
Symantec AntiVirus 10 (with Updated Definition File) Tests to determine whether the client is running the most current version of Symantec AntiVirus.
Symantec AntiVirus 6.0 Tests to determine whether the client is running Symantec AntiVirus 6.0.
Symantec AntiVirus 7.5 Tests to determine whether the client is running Symantec AntiVirus 7.5.
TrendMicro OfficeScan 7.3 Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3.
TrendMicro AntiVirus 11.25 Tests to determine whether the client is running Trend Microsystems’ AntiVirus, version 11.25.
Sophos Antivirus 4 Tests to determine whether the client is running Sophos Antivirus, version 4.
Sophos Antivirus 5 Tests to determine whether the client is running Sophos Antivirus, version 5.
Sophos Antivirus 6 Tests to determine whether the client is running Sophos Antivirus, version 6.

Built-in named expressions (Personal Firewall)

Expression Definition
TrendMicro OfficeScan 7.3 Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3.
Sygate Personal Firewall 5.6 Tests to determine whether the client is running the Sygate Personal Firewall, version 5.6.
ZoneAlarm Personal Firewall 6.5 Tests to determine whether the client is running the ZoneAlarm Personal Firewall, version 6.5.

Built-in named expressions (Client Security)

Expression Definition
Norton Internet Security Tests to determine whether the client is running any version of Norton Internet Security.
Expressions reference-classic expressions