ADC

Troubleshooting

If the content filtering feature does not work as expected after you have configured it, you can use some common tools to access Citrix ADC resources and diagnose the problem.

Resources for troubleshooting

You can use the following tools and resources to troubleshoot most Content Filtering issues on a Citrix ADC appliance:

  • The Wireshark application customized for the Citrix ADC trace files
  • Trace files recorded when accessing the resource
  • The configuration files
  • The ns.log file
  • The iehttpheaders, or a Fiddler trace or a similar utility

Troubleshooting content filtering issues

To troubleshoot a content filtering issue, proceed as follows:

  • Verify that the feature is enabled.
  • Verify that the content filtering policy is configured correctly. Pay special attention to the expression that evaluates the incoming requests.

    Note

    Most content filtering issues are caused by incorrect configuration, and the error is most often in the policy configuration.

  • Check the policy’s select counter to verify that it is incrementing. If it is not, the policy is not getting evaluated.
  • If the policy is getting evaluated and the required filtering is still not performed, you need to look into the policy expressions and action.
  • If the policy’s expression seems valid, test it by assigning a simple NSTRUE value to see if the evaluation of the expression is creating any issue.
  • Reevaluate whether the filtering must be based on the request or the response.
  • Verify that the action is configured correctly. For example, if a custom action is used to corrupt a header in the request, verify that the header name in the action is correct. If you are not sure about the header name, start a browser with iehttpheaders or a similar utility, and then verify the headers in the request. When this feature is used, you can use ns trace to find out if appropriate action is performed when the packets leave Citrix ADC appliance.
  • An iehttpheaders or Fiddler trace can help you find header options and names, client-side request headers, and response headers recorded on the client.
  • To check the modifications made to the request header, record an ns trace on the Citrix ADC appliance or a Wireshark trace on the server.
  • If none of the above measures resolves the issue, verify that the connection has not become untrackable, which can happen in certain circumstances. If a connection becomes untrackable, the appliance does not perform any application-level processing of the requests. In that event, contact Citrix Technical Support.
Troubleshooting