How rewrite works

A rewrite policy consists of a rule and action. The rule determines the traffic on which rewrite is applied and the action determines the action to be taken by the NetScaler. You can define multiple rewrite policies. For each policy, specify the bind point and priority.

A bind point refers to a point in the traffic flow at which the NetScaler examines the traffic to verify whether any rewrite policy can be applied to it. You can bind a policy to a specific load balancing or content switching virtual server, or make the policy global if you want the policy to be applied to the entire traffic handled by the NetScaler. These policies are referred to as global policies.

In addition to the user-defined policies, the NetScaler has some default policies. You cannot modify or delete a default policy.

For evaluating the policies, NetScaler follows the order mentioned below:

  • Global policies
  • Policies bound to specific virtual servers
  • Default policies

Note: NetScaler can apply a rewrite policy only when it is bound to a point.

NetScaler implements the rewrite feature in the following steps:

  • The NetScaler appliance checks for global policies and then checks for policies at individual bind points.

  • If multiple policies are bound to a bind point, the NetScaler evaluates the policies in the order of their priority. The policy with the highest priority is evaluated first. After evaluating each policy, if the policy is evaluated to TRUE (the traffic matches the rule), it adds the action associated with the policy to a list of actions to be performed. A match occurs when the characteristics specified in the policy rule match the characteristics of the request or response being evaluated.

  • <For any policy, in addition to the action, you can specify the policy that should be evaluated after the current policy is evaluated. This policy is referred to as the ‘Go to Expression’. For any policy, if a Go to Expression (gotoPriorityExpr) is specified, the NetScaler evaluates the Go to Expression policy; it ignores policy with the next highest priority.

    You can specify the priority of the policy to indicate the Go to Expression policy; you cannot use the name of the policy. If you want the NetScaler to stop evaluating other policies after evaluating a particular policy, you can set the Go to Expression to ‘END’.

  • After all the policies are evaluated or when a policy has the Go to Expression set as END, the NetScaler starts performing the actions according to the list of actions.

For more information about configuring rewrite policies, see “Configuring a Rewrite Policy” and about binding rewrite policies, see “Binding a Rewrite Policy.”

The following figure illustrates how NetScaler processes a request or response when the rewrite feature is used.

Figure 1. The Rewrite Process


Policy Evaluation

The policy with the highest priority is evaluated first. NetScaler does not stop the evaluation of rewrite policies when it finds a match; it evaluates all the rewrite policies configured on the NetScaler.

  • If a policy evaluates to TRUE, the NetScaler follows the procedure below:
    • If the policy has the Go to Expression set to END, the NetScaler stops evaluating all the other policies and starts performing the rewrite.
    • The gotoPriorityExpression can be set to ‘NEXT’, ‘END’, some integer or ‘INVOCATION_LIST’. The value determines the policy with the next priority. The following table shows the action taken by NetScaler for each value of the expression. | | | | ———————– | ———————————————————————– | | Value of the expression | Action | | NEXT | Policy with the next priority gets evaluated. | | END | Evaluation of policies stops. | | <an integer> | Policy with specified priority gets evaluated. | | INVOCATION_LIST | Goto NEXT or END is applied based on the result of the invocation list. |
  • If a policy evaluates to FALSE, the NetScaler continues the evaluation in the order of priority.
  • If a policy evaluates to UNDEFINED (cannot be evaluated on the received traffic due to an error), the NetScaler performs the action assigned to the UNDEFINED condition (referred to as undefAction) and stops further evaluation of polices.

The NetScaler starts the actual rewriting only after the evaluation is complete. It refers to the list of actions identified by policies that are evaluated to TRUE, and starts the rewriting. After implementing all the actions in the list, the NetScaler forwards the traffic as required.

Note: Ensure that the policies do not specify conflicting or overlapping actions on the same part of the HTTP header or body, or TCP payload. When such a conflict occurs, the NetScaler encounters an undefined situation and aborts the rewrite.

Rewrite Actions

On the NetScaler appliance, specify the actions to be taken such as adding, replacing, or deleting text within the body, or adding, modifying or deleting headers, or any changes in the TCP payload as rewrite actions. For more information about rewrite actions, see Configuring a Rewrite Action.

The following table describes the steps the NetScaler can take when a policy evaluates to TRUE.

Action Result
Insert The rewrite action specified for the policy is carried out.
NOREWRITE The request or response is not rewritten. NetScaler forwards the traffic without rewriting any part of the message.
RESET The connection is aborted at the TCP level.
DROP The message is dropped.

Note: For any policy, you can configure the undefaction (action to be taken when the policy evaluates to UNDEFINED) as NOREWRITE, RESET, or DROP.

To use the Rewrite feature, take the following steps:

  • Enable the feature on the NetScaler.
  • Define rewrite actions.
  • Define rewrite policies.
  • Bind the policies to a bind point to bring a policy into effect.
How rewrite works