Expression prefixes for VPNs and clientless VPNs
The Advanced policy engine provides prefixes that are specific to parsing VPN or Clientless VPN data. This data includes the following:
- Host names, domains, and URLs in VPN traffic.
- Protocols in the VPN traffic.
- Queries in the VPN traffic.
These text elements are often URLs and components of URLs. In addition to applying the text-based operations on these elements, you can parse these elements by using operations that are specific to parsing URLs. For more information, see Expressions for extracting segments of URLs
The following table describes the expression prefixes for this type of data.
| VPN and Clientless VPN Expression | Description |
|---|---|
| VPN.BASEURL.CVPN_DECODE | Extracts the original URL from a clientless VPN URL. |
| VPN.BASEURL.CVPN_ENCODE | Converts a URL to clientless VPN format. |
| VPN.BASEURL.HOSTNAME | Extracts the HTTP host name from the host name in the URL. This prefix cannot be used in bidirectional policies. |
| VPN.BASEURL.HOSTNAME.DOMAIN | Extracts the domain name from the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, this prefix extracts mycompany.com. This prefix returns incorrect results if the host name is an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix are case insensitive. |
VPN.BASEURL.HOSTNAME.EQ (\<hostname\>) |
Returns a Boolean TRUE if the host name matches \<hostname\>. The comparison is case insensitive. For example, if the host name is www.mycompany.com, the following returns TRUE: vpn.baseurl.hostname.eq("www.mycompany.com"). If the text mode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.” |
| VPN.BASEURL.HOSTNAME.SERVER | Evaluates the server portion of the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the server is www.mycompany.com. All text operations after this prefix are case insensitive. |
| VPN.BASEURL.PATH | Extracts a slash- (/) separated list from the path component of the URL. For example, this prefix extracts /a/b/c/mypage.html from the following URL: <http://www.mycompany.com/a/b/c/mypage.html?a=1>. The following expression selects just the “a”: http.req.url.path.get(1). For more information on the GET operation, see “Expressions for Extracting Segments of URLs.” |
| VPN.BASEURL.PATH.IGNORE_EMPTY_ELEMENTS | This prefix ignores the elements in a list. For example, the following comma-separated list has an empty element after “a=10”: a=10,,b=11, ,c=89. The element following b=11 contains a space, and by default, is not considered an empty element. Consider the following HTTP header: Cust_Header : 123,,24, ,15. The following expression returns a count of 4 when evaluating this header: http.req.header(“Cust_Header”).typecase_list_t(‘,’).ignore_empty_elements.count. The following expression returns a count of 5 when evaluating this header: http.req.header(“Cust_Header”).typecase_list_t(‘,’). count |
| VPN.BASEURL.PATH_AND_QUERY | Evaluates the text in the URL that follows the host name. For example, if the URL is <http://www.mycompany.com/a/b/c/mypage.html?a=1>, this prefix evaluates /a/b/c/mypage.html?a=1. |
| VPN.BASEURL.PROTOCOL | Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies. |
| VPN.BASEURL.QUERY | Extracts a name-value list, using the “=” and “&” delimiters from the query string in a URL. |
| VPN.BASEURL.QUERY.IGNORE_EMPTY_ELEMENTS | This method ignores the empty elements in a name-value list. For example, in the following name-value list, there is an empty element following “a=10”: a=10;;b=11; ;c=89. The element following b=11 contains a space and is not considered an empty element. Consider the following HTTP header: Cust_Header : a=1;;b=2; ;c=3. The following expression produces a count of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression produces a count of 5 after evaluating the header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’). |
| VPN.BASEURL.SUFFIX | Evaluates the file name suffix in a URL. For example, if the path is /a/b/c/my.page.html, this operation selects “html.” |
| VPN.CLIENTLESS_BASEURL | Evaluates the clientless VPN base URL. |
| VPN.CLIENTLESS_BASEURL.CVPN_DECODE | Extracts the original URL from the clientless VPN formatted URL. |
| VPN.CLIENTLESS_BASEURL.CVPN_ENCODE | Converts a URL to the clientless VPN format. |
| VPN.CLIENTLESS_BASEURL.HOSTNAME | Evaluates the host name in the URL. Do not use this prefix in bidirectional policies. |
| VPN.CLIENTLESS_BASEURL.HOSTNAME.DOMAIN | Evaluates the domain name part of the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the domain is mycompany.com. This operation returns incorrect results if the host name is an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs..” All text operations after this prefix are case insensitive. |
VPN.CLIENTLESS_BASEURL.HOSTNAME.EQ(<hostname>) |
Returns a Boolean TRUE if the host name matches <hostname>. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the following is true: vpn.clientless_baseurl. hostname.eq("www.mycompany.com") The comparison is case insensitive. If the textmode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.” |
VPN.CLIENTLESS_BASEURL.HOSTNAME.SERVER |
Evaluates the server part of a host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the server is www.mycompany.com. All text operations after this prefix are case insensitive. |
| VPN.CLIENTLESS_BASEURL.PATH | Evaluates a slash- (/) separated list in the URL path. For example, this prefix selects /a/b/c/mypage.html from the following URL: <http://www.mycompany.com/a/b/c/mypage.html?a=1>. The following expression selects “a” from the preceding URL: http.req.url.path.get(1). For more information on the GET operation, see “Expressions for Extracting Segments of URLs.” |
VPN.CLIENTLESS_BASEURL.PATH.IGNORE_EMPTY_ELEMENTS |
Ignores empty elements in a list. For example, if the list delimiter is a comma (,) the following list has an empty element following “a=10”: a=10,b=11, ,c=89. The element following b=11 contains a space and is not considered an empty element.. Consider the following HTTP header: Cust_Header : 123,,24, ,15. The following expression returns a value of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’). |
VPN.CLIENTLESS_BASEURL.PATH_AND_QUERY |
Evaluates the text following the host name in a URL. For example, this prefix selects /a/b/c/mypage.html?a=1 from the following URL: <http://www.mycompany.com/a/b/c/mypage.html?a=1>
|
VPN.CLIENTLESS_BASEURL.PROTOCOL |
Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies. |
VPN.CLIENTLESS_BASEURL.QUERY |
Extracts a name-value list that uses the delimiters “=” and “&” from a URL query string. |
VPN.CLIENTLESS_BASEURL.QUERY.IGNORE_EMPTY_ ELEMENTS |
Ignores empty elements in a name-value list. For example, the following list contains an empty element after “a=10”: a=10;;b=11; ;c=89. The element following b=11 contains a space and is not considered an empty element. As another example, consider the following http header: Cust_Header : a=1;;b=2; ;c=3. The following expression returns a value of 4 after evaluating the preceding header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating the preceding header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’) |
VPN.CLIENTLESS_BASEURL.SUFFIX |
Evaluates the file suffix in a URL. For example, if the URL path is /a/b/c/mypage.html then this operation selects html. |
| VPN.CLIENTLESS_HOSTURL | Selects the clientless VPN host URL. |
| VPN.CLIENTLESS_HOSTURL.CVPN_DECODE | Selects the original URL from the clientless VPN formatted URL. |
| VPN.CLIENTLESS_HOSTURL.CVPN_ENCODE | Converts a URL to clientless VPN format. |
| VPN.CLIENTLESS_HOSTURL.HOSTNAME | Extracts the host name in the URL. Do not use this prefix in bidirectional policies. |
| VPN.CLIENTLESS_HOSTURL.HOSTNAME.DOMAIN | Extracts the domain name from the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the domain is mycompany.com. This operation returns incorrect results if the host name contains an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix are case insensitive. |
| VPN.CLIENTLESS_HOSTURL.HOSTNAME.EQ(<hostname>) | Results in Boolean TRUE if the host name matches the \<hostname\> argument. The comparison is case insensitive. For example, if the host name is www.mycompany.com or www.mycompany.com., the following expression returns TRUE: vpn.clilentless_hosturl. hostname.eq("www.mycompany.com"). If the text mode is URLENCODED, the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.” |
| VPN.CLIENTLESS_HOSTURL.HOSTNAME.SERVER | Evaluates the server part of the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the server is www.mycompany.com.. The comparison is case insensitive, and all text operations after this method are case insensitive. |
| VPN.CLIENTLESS_HOSTURL.PATH | Evaluates a slash- (/) separated list on the path component of the URL. For example, consider the following URL: <http://www.mycompany.com/a/b/c/mypage.html?a=1>. This prefix selects /a/b/c/mypage.html from the preceding URL. |
| VPN.CLIENTLESS_HOSTURL.PATH.IGNORE_EMPTY_ELEMENTS | This method ignores the empty elements in a list. For example, if the delimiter in a list is “,” the following list contains an empty element after the entry “a=10”: a=10,b=11, ,c=89. The element following b=11 contains a space and is not considered an empty element. Consider the following header: Cust_Header : 123,,24, ,15. The following expression returns a value of 4 for this header: http.req.header(“Cust_Header”).typecast_list_t(‘,’). ignore_empty_elements.count. The following expression returns a value of 5 for the same header: http.req.header(“Cust_Header”).typecast_list_t(‘,’). |
VPN.CLIENTLESS_HOSTURL.PATH_AND_QUERY |
Evaluates the portion of the URL that follows the host name. For example, consider the following URL: <http://www.mycompany.com/a/b/c/mypage.html?a=1>. This prefix returns /a/b/c/mypage.html?a=1 from the preceding URL. |
| VPN.CLIENTLESS_HOSTURL.PROTOCOL | Evaluates the protocol in the URL. Do not use this prefix in bidirectional policies. |
| VPN.CLIENTLESS_HOSTURL.QUERY | Extracts a name-value list, using the “=” and “&” delimiters from a URL query string. |
| VPN.CLIENTLESS_HOSTURL.QUERY.IGNORE_EMPTY_ ELEMENTS | Ignores empty elements in a name-value list. For example, the following list uses a semicolon (;) delimiter. This list contains an empty element after “a=10”: a=10;;b=11; ;c=89. In the preceding example, the element following b=11 is not considered an empty element. Consider the following header: Cust_Header : a=1;;b=2; ;c=3. The following expression returns a value of 4 after evaluating this header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’).ignore_empty_elements.count. The following expression returns a value of 5 after evaluating the same header: http.req.header(“Cust_Header”).typecast_nvlist_t(‘=’,’;’) |
| VPN.CLIENTLESS_HOSTURL.SUFFIX | Extracts a file name suffix in a URL. For example, if the path is /a/b/c/my.page.html, this prefix selects html. |
| VPN.HOST.DOMAIN | Extracts the domain name part of the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the domain is mycompany.com. This prefix returns incorrect results if the host name contains an IP address. For information on expressions for IP addresses, see “Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs.” All text operations after this prefix case insensitive. |
| VPN.HOST.EQ(<hostname>) | Returns a Boolean TRUE value if the host name matches the <hostname>. The comparison is case insensitive. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the following returns TRUE: vpn.host.eq(“www.mycompany.com”). If the text mode is URLENCODED the host name is decoded before comparison. For more information, see “Operations for HTTP, HTML, and XML Encoding and “Safe” Characters.” |
| VPN.HOST.SERVER | Extracts the server name part of the host name. For example, if the host name is www.mycompany.com or www.mycompany.com:8080, the server is www.mycompany.com. All text operations after this prefix are case insensitive. |
Support: https://www.citrix.com/support
Feedback and forums: https://discussions.citrix.com