AppExpert

The following topics provide conceptual information and configuration instructions for AppExpert features that you might want to configure on a Citrix SWG appliance.

Pattern Sets and Data Sets - Policy expressions for performing string matching operations on a large set of string patterns.

Depending on the pattern type you want to match, you can use one of the following features to implement pattern matching:

  • A pattern set is an array of indexed patterns used for string matching during default syntax policy evaluation. Example of a pattern set: imagetypes {svg, bmp, png, gif, tiff, jpg}.
  • A data set is a specialized form of pattern set. It is an array of patterns of types number (integer), IPv4 address, or IPv6 address.

Variables - Objects that store information in the form of tokens and are used by responder policy actions.

Variables are of two types:

  • Singleton variables. Can have a single value of one of the following types: ulong and text (max-size). The ulong type is an unsigned 64-bit integer, the text type is a sequence of bytes, and max-size is the maximum number of bytes in the sequence.

  • Map variables. Maps hold values associated with keys: each key-value pair is called a map entry. The key for each entry is unique within the map.

Policies and Expressions - Policies control web traffic that enters a Citrix SWG appliance. A policy uses a logical expression, also called a rule, to evaluate requests, responses, or other data, and applies one or more actions determined by the outcome of the evaluation. Alternatively, a policy can apply a profile, which defines a complex action.

Responder - Policy that sends responses based on who sends the request, where it is sent from, and other criteria with security and system management implications. The feature is simple and quick to use. By avoiding the invocation of more complex features, it reduces CPU cycles and time spent in handling requests that do not require complex processing. For handling sensitive data such as financial information, if you want to ensure that the client uses a secure connection to browse a website, you can redirect the request to a secure connection that uses the HTTPS protocol.

Rewrite - Policy that rewrites information in the requests and responses handled by the Citrix SWG appliance. Rewriting can help in providing access to the requested content without exposing unnecessary details about the website’s actual configuration.

URL Sets - Advanced Policy expressions to blacklist up to one million URL entries. To prevent access to restricted websites, a Citrix SWG appliance uses a specialized URL matching algorithm. The algorithm uses a URL set that can contain up to one million (1,000,000) blacklisted URL entries. Each entry can include metadata that defines URL categories and category groups as indexed patterns. The appliance can also periodically download URLs of highly sensitive URL sets managed by internet enforcement agencies (with government websites) or independent Internet organizations.
