Rewrite

Warning

Filter features that use classic policies are deprecated. As an alternative, Citrix recommends that you use the rewrite and responder features with the advanced policy infrastructure.

Rewrite refers to the rewriting of some information in the requests or responses handled by the Citrix ADC appliance. Rewriting can help in providing access to the requested content without exposing unnecessary details about the Web site’s actual configuration. A few situations in which the rewrite feature is useful are described below:

  • To improve security, the Citrix ADC can rewrite all the http:// links to https:// in the response body.
  • In an SSL offload deployment, the insecure links in the response have to be converted into secure links. Using the rewrite option, you can rewrite all the http:// links to https:// to make sure that the outgoing responses from Citrix ADC to the client contain secure links.
  • If a Web site has to show an error page, you can show a custom error page instead of the default 404 Error page. For example, if you show the home page or site map of the Web site instead of an error page, the visitor remains on the site instead of moving away from the Web site.
  • If you want to launch a new Web site, but use the old URL, you can use the Rewrite option.
  • When a topic in a site has a complicated URL, you can rewrite it with a simple, easy-to-remember URL (also referred to as ‘cool URL’).
  • You can append the default page name to the URL of a Web site. For example, if the default page of a company’s Web site is http://www.abc.com/index.php, when the user types ‘abc.com’ in the address bar of the browser, you can rewrite the URL to ‘abc.com/index.php’.

When you enable the rewrite feature, Citrix ADC can modify the headers and body of HTTP requests and responses.

To rewrite HTTP requests and responses, you can use protocol-aware Citrix ADC policy expressions in the rewrite policies you configure. The virtual servers that manage the HTTP requests and responses must be of type HTTP or SSL. In HTTP traffic, you can take the following actions:

  • Modify the URL of a request
  • Add, modify or delete headers
  • Add, replace, or delete any specific string within the body or headers.
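
The SSL offload case above, written as a Citrix ADC CLI configuration. This is an added example, not taken from the Citrix documentation; the entity names (`act_http_to_https`, `pol_http_to_https`, `act_drop_accept_encoding`, `pol_drop_accept_encoding`, `vs_ssl_offload`) and the 100000-byte body limit are assumptions to adapt to your deployment.

```netscaler
# Constructed example: all entity names are placeholders.
enable ns feature REWRITE

# Response side: replace every "http://" found in the first 100000 bytes
# of the response body with "https://". Links beyond that offset are not
# rewritten, so size the limit to the largest page you serve.
add rewrite action act_http_to_https replace_all "HTTP.RES.BODY(100000)" "\"https://\"" -search "text(\"http://\")"

# Restrict the rewrite to HTML responses so that binary or JSON payloads
# are left untouched.
add rewrite policy pol_http_to_https "HTTP.RES.HEADER(\"Content-Type\").CONTAINS(\"text/html\")" act_http_to_https

# Request side: a compressed response body cannot be searched, so remove
# Accept-Encoding from the request before it reaches the back-end server.
add rewrite action act_drop_accept_encoding delete_http_header Accept-Encoding
add rewrite policy pol_drop_accept_encoding "HTTP.REQ.HEADER(\"Accept-Encoding\").EXISTS" act_drop_accept_encoding

# Bind both policies to the SSL virtual server (type SSL, as required for
# HTTP rewrite), one at request time and one at response time.
bind lb vserver vs_ssl_offload -policyName pol_drop_accept_encoding -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver vs_ssl_offload -policyName pol_http_to_https -priority 100 -gotoPriorityExpression END -type RESPONSE

# Verify: the hit counters should increase as matching traffic passes.
show rewrite policy pol_http_to_https
show rewrite policy pol_drop_accept_encoding
```

Because `replace_all` rewrites every match, links to third-party sites are also changed to https://; narrow the search pattern to your own host names if some external targets are served over HTTP only.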

To rewrite TCP payloads, consider the payload as a raw stream of bytes. Each of the virtual servers that manage the TCP connections must be of type TCP or SSL_TCP. The term TCP rewrite is used to refer to the rewrite of TCP payloads that are not HTTP data. In TCP traffic, you can add, modify, or delete any part of the TCP payload.

For examples of using the rewrite feature, see Rewrite Action and Policy Examples.

Comparison between Rewrite and Responder options

The main difference between the rewrite feature and the responder feature is as follows:

Responder cannot be used for response or server-based expressions. Responder can be used only for the following scenarios depending on client parameters:

  • Redirecting an HTTP request to new Web sites or Web pages
  • Responding with some custom response
  • Dropping or resetting a connection at request level

In case of a responder policy, the Citrix ADC examines the request from the client, takes action according to the applicable policies, sends the response to the client, and closes the connection with the client.

In case of a rewrite policy, the Citrix ADC examines the request from the client or response from the server, takes action according to the applicable policies, and forwards the traffic to the client or the server.

In general, it is recommended to use responder if you want the Citrix ADC to reset or drop a connection based on a client or request-based parameter. Use responder to redirect traffic, or respond with custom messages. Use rewrite for manipulating data on HTTP requests and responses.
