NetScaler

Expression prefixes for VPNs and clientless VPNs

September 21, 2020

Contributed by:

S S

The Advanced policy engine provides prefixes that are specific to parsing VPN or Clientless VPN data. This data includes the following:

Host names, domains, and URLs in VPN traffic.
Protocols in the VPN traffic.
Queries in the VPN traffic.

These text elements are often URLs and components of URLs. In addition to applying the text-based operations on these elements, you can parse these elements by using operations that are specific to parsing URLs. For more information, see Expressions for extracting segments of URLs

The following table describes the expression prefixes for this type of data.

VPN and Clientless VPN Expression	Description
VPN.BASEURL.CVPN_DECODE	Extracts the original URL from a clientless VPN URL.
VPN.BASEURL.CVPN_ENCODE	Converts a URL to clientless VPN format.
VPN.BASEURL.HOSTNAME	Extracts the HTTP host name from the host name in the URL. This prefix cannot be used in bidirectional policies.
VPN.BASEURL.HOSTNAME.DOMAIN	Extracts the domain name from the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, this prefix extracts `mycompany.com`. This prefix returns incorrect results if the host name is an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix are case insensitive.
`VPN.BASEURL.HOSTNAME.EQ (\<hostname\>`)	Returns a Boolean TRUE if the host name matches `\<hostname\>`. The comparison is case insensitive. For example, if the host name is `www.mycompany.com`, the following returns TRUE: vpn.baseurl.hostname.eq(`"www.mycompany.com"`). If the text mode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.”
VPN.BASEURL.HOSTNAME.SERVER	Evaluates the server portion of the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the server is `www.mycompany.com`. All text operations after this prefix are case insensitive.
VPN.BASEURL.PATH	Extracts a slash- (/) separated list from the path component of the URL. For example, this prefix extracts /a/b/c/mypage.html from the following URL: <`http://www.mycompany.com/a/b/c/mypage.html?a=1`>. The following expression selects just the “a”: http.req.url.path.get(1). For more information on the GET operation, see “Expressions for Extracting Segments of URLs.”
VPN.BASEURL.PATH.IGNORE_EMPTY_ELEMENTS	This prefix ignores the elements in a list. For example, the following comma-separated list has an empty element after “a=10”: a=10,,b=11, ,c=89. The element following b=11 contains a space, and by default, is not considered an empty element. Consider the following HTTP header: Cust_Header : 123,,24, ,15. The following expression returns a count of 4 when evaluating this header: http.req.header(“Cust_Header”).typecase_list_t(‘,’).ignore_empty_elements.count. The following expression returns a count of 5 when evaluating this header: http.req.header(“Cust_Header”).typecase_list_t(‘,’). count
VPN.BASEURL.PATH_AND_QUERY	Evaluates the text in the URL that follows the host name. For example, if the URL is `<http://www.mycompany.com/a/b/c/mypage.html?a=1>`, this prefix evaluates /a/b/c/mypage.html?a=1.
VPN.BASEURL.PROTOCOL	Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies.
VPN.BASEURL.QUERY	Extracts a name-value list, using the “=” and “&” delimiters from the query string in a URL.
VPN.BASEURL.QUERY.IGNORE_EMPTY_ELEMENTS	This method ignores the empty elements in a name-value list. For example, in the following name-value list, there is an empty element following “a=10”: a=10;;b=11; ;c=89. The element following b=11 contains a space and is not considered an empty element. Consider the following HTTP header: Cust_Header : a=1;;b=2; ;c=3. The following expression produces a count of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression produces a count of 5 after evaluating the header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).
VPN.BASEURL.SUFFIX	Evaluates the file name suffix in a URL. For example, if the path is /a/b/c/my.page.html, this operation selects “html.”
VPN.CLIENTLESS_BASEURL	Evaluates the clientless VPN base URL.
VPN.CLIENTLESS_BASEURL.CVPN_DECODE	Extracts the original URL from the clientless VPN formatted URL.
VPN.CLIENTLESS_BASEURL.CVPN_ENCODE	Converts a URL to the clientless VPN format.
VPN.CLIENTLESS_BASEURL.HOSTNAME	Evaluates the host name in the URL. Do not use this prefix in bidirectional policies.
VPN.CLIENTLESS_BASEURL.HOSTNAME.DOMAIN	Evaluates the domain name part of the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the domain is `mycompany.com`. This operation returns incorrect results if the host name is an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs..” All text operations after this prefix are case insensitive.
`VPN.CLIENTLESS_BASEURL.HOSTNAME.EQ(<hostname>`)	Returns a Boolean TRUE if the host name matches <hostname>. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the following is true: vpn.clientless_baseurl. hostname.eq(`"www.mycompany.com"`) The comparison is case insensitive. If the textmode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.”
`VPN.CLIENTLESS_BASEURL.HOSTNAME.SERVER`	Evaluates the server part of a host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the server is `www.mycompany.com`. All text operations after this prefix are case insensitive.
VPN.CLIENTLESS_BASEURL.PATH	Evaluates a slash- (/) separated list in the URL path. For example, this prefix selects /a/b/c/mypage.html from the following URL: <`http://www.mycompany.com/a/b/c/mypage.html?a=1`>. The following expression selects “a” from the preceding URL: `http.req.url.path.get(1)`. For more information on the GET operation, see “Expressions for Extracting Segments of URLs.”
`VPN.CLIENTLESS_BASEURL.PATH.IGNORE_EMPTY_ELEMENTS`	Ignores empty elements in a list. For example, if the list delimiter is a comma (,) the following list has an empty element following “a=10”: a=10,b=11, ,c=89. The element following b=11 contains a space and is not considered an empty element.. Consider the following HTTP header: Cust_Header : 123,,24, ,15. The following expression returns a value of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’).
`VPN.CLIENTLESS_BASEURL.PATH_AND_QUERY`	Evaluates the text following the host name in a URL. For example, this prefix selects /a/b/c/mypage.html?a=1 from the following URL: <`http://www.mycompany.com/a/b/c/mypage.html?a=1>`
`VPN.CLIENTLESS_BASEURL.PROTOCOL`	Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies.
`VPN.CLIENTLESS_BASEURL.QUERY`	Extracts a name-value list that uses the delimiters “=” and “&” from a URL query string.
`VPN.CLIENTLESS_BASEURL.QUERY.IGNORE_EMPTY_ ELEMENTS`	Ignores empty elements in a name-value list. For example, the following list contains an empty element after “a=10”: a=10;;b=11; ;c=89. The element following b=11 contains a space and is not considered an empty element. As another example, consider the following http header: Cust_Header : a=1;;b=2; ;c=3. The following expression returns a value of 4 after evaluating the preceding header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating the preceding header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’)
`VPN.CLIENTLESS_BASEURL.SUFFIX`	Evaluates the file suffix in a URL. For example, if the URL path is /a/b/c/mypage.html then this operation selects html.
VPN.CLIENTLESS_HOSTURL	Selects the clientless VPN host URL.
VPN.CLIENTLESS_HOSTURL.CVPN_DECODE	Selects the original URL from the clientless VPN formatted URL.
VPN.CLIENTLESS_HOSTURL.CVPN_ENCODE	Converts a URL to clientless VPN format.
VPN.CLIENTLESS_HOSTURL.HOSTNAME	Extracts the host name in the URL. Do not use this prefix in bidirectional policies.
VPN.CLIENTLESS_HOSTURL.HOSTNAME.DOMAIN	Extracts the domain name from the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the domain is `mycompany.com`. This operation returns incorrect results if the host name contains an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix are case insensitive.
VPN.CLIENTLESS_HOSTURL.HOSTNAME.EQ(<hostname>)	Results in Boolean TRUE if the host name matches the `\<hostname\>` argument. The comparison is case insensitive. For example, if the host name is `www.mycompany.com` or `www.mycompany.com`., the following expression returns TRUE: vpn.clilentless_hosturl. hostname.eq(`"www.mycompany.com"`). If the text mode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.”
VPN.CLIENTLESS_HOSTURL.HOSTNAME.SERVER	Evaluates the server part of the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the server is `www.mycompany.com`.. The comparison is case insensitive, and all text operations after this method are case insensitive.
VPN.CLIENTLESS_HOSTURL.PATH	Evaluates a slash- (/) separated list on the path component of the URL. For example, consider the following URL: `<http://www.mycompany.com/a/b/c/mypage.html?a=1>`. This prefix selects /a/b/c/mypage.html from the preceding URL.
VPN.CLIENTLESS_HOSTURL.PATH.IGNORE_EMPTY_ELEMENTS	This method ignores the empty elements in a list. For example, if the delimiter in a list is “,” the following list contains an empty element after the entry “a=10”: a=10,b=11, ,c=89. The element following b=11 contains a space and is not considered an empty element. Consider the following header: Cust_Header : 123,,24, ,15. The following expression returns a value of 4 for this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’). ignore_empty_elements.count. The following expression returns a value of 5 for the same header: http.req.header(“Cust_Header”).typecast_list_t(‘,’).
`VPN.CLIENTLESS_HOSTURL.PATH_AND_QUERY`	Evaluates the portion of the URL that follows the host name. For example, consider the following URL: `<http://www.mycompany.com/a/b/c/mypage.html?a=1>`. This prefix returns /a/b/c/mypage.html?a=1 from the preceding URL.
VPN.CLIENTLESS_HOSTURL.PROTOCOL	Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies.
VPN.CLIENTLESS_HOSTURL.QUERY	Extracts a name-value list, using the “=” and “&” delimiters from a URL query string.
VPN.CLIENTLESS_HOSTURL.QUERY.IGNORE_EMPTY_ ELEMENTS	Ignores empty elements in a name-value list. For example, the following list uses a semicolon (;) delimiter. This list contains an empty element after “a=10”: a=10;;b=11; ;c=89. In the preceding example, the element following b=11 is not considered an empty element. Consider the following header: Cust_Header : a=1;;b=2; ;c=3. The following expression returns a value of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating the same header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’)
VPN.CLIENTLESS_HOSTURL.SUFFIX	Extracts a file name suffix in a URL. For example, if the path is /a/b/c/my.page.html, this prefix selects html.
VPN.HOST.DOMAIN	Extracts the domain name part of the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the domain is `mycompany.com`. This prefix returns incorrect results if the host name contains an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix case insensitive.
VPN.HOST.EQ(<hostname>)	Returns a Boolean TRUE value if the host name matches the <hostname>. The comparison is case insensitive. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the following returns TRUE: vpn.host.eq(“www.mycompany.com”). If the text mode is URLENCODED the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.”
VPN.HOST.SERVER	Extracts the server name part of the host name. For example, if the host name is `www.mycompany.com` or `www.mycompany.com:8080`, the server is `www.mycompany.com`. All text operations after this prefix are case insensitive.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Expression prefixes for VPNs and clientless VPNs

September 21, 2020

Contributed by:

S S

September 21, 2020

Contributed by:

S S

Expression prefixes for VPNs and clientless VPNs

Expression prefixes for VPNs and clientless VPNs

In this article