Testing a Rate-Based Policy

To test a rate-based policy, you can send traffic to any virtual server to which a rate-based policy is bound.

Task overview: Testing a rate-based policy

  1. Configure a stream selector (optional) and a rate limit identifier (required). For example:

    add stream selector sel_subnet Q.URL "CLIENT.IP.SRC.SUBNET(24)"
    add ns limitIdentifier k_subnet -Threshold 4 -timeSlice 3600 -mode REQUEST_RATE -limittype smooth -selectorName sel_subnet -trapsInTimeSlice 8
    
  2. Configure the action that you want to associate with the policy that uses the rate limit identifier. For example:

    add responder action resp_redirect redirect "\"http://response_site.com/\""
    
  3. Configure a policy that uses the sys.check_limit expression prefix to call the rate limit identifier. For example, the policy can apply a rate limit identifier to all requests arriving from a particular subnet, as follows:

    add responder policy resp_subnet "SYS.CHECK_LIMIT(\"k_subnet\")" resp_redirect
    
  4. Bind the policy globally or to a virtual server. For example:

    bind responder global resp_subnet 6 END -type DEFAULT
    
  5. In a browser address bar, send a test HTTP query to a virtual server. For example:

    http://<IP of a vserver>/testsite/test.txt
    
  6. At the Citrix ADC command prompt, type:

    show ns limitSessions <limitIdentifier>
    

    Example

    > sh limitsession k_subnet
    1)      Time Remaining:       98 secs  Hits: 2                          Action Taken: 0
            Total Hash:    1718618  Hash String: /test.txt
            IPs gathered:
                    1) 10.217.253.0
            Active Transactions: 0
     Done
    >
    
  7. Repeat the query and check the limit identifier statistics again to verify that the statistics are being updated correctly.
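
The check in steps 6 and 7 can be scripted. The following is an added example, not part of the product documentation: it parses `show ns limitSessions` output in the layout shown above and reports how the counters changed between two captures, treating a timer that went up as a new time slice. The second capture is constructed for illustration, and the function names are this example's own.

```python
import re

# SNAPSHOT_1 is the `show ns limitSessions` output shown on this page.
# SNAPSHOT_2 is constructed for this example (the same session one query later).
SNAPSHOT_1 = """\
1)      Time Remaining:       98 secs  Hits: 2                          Action Taken: 0
        Total Hash:    1718618  Hash String: /test.txt
        IPs gathered:
                1) 10.217.253.0
        Active Transactions: 0
 Done
"""
SNAPSHOT_2 = SNAPSHOT_1.replace("98 secs", "61 secs").replace("Hits: 2", "Hits: 3")

SESSION_RE = re.compile(r"^\s*\d+\)\s+Time Remaining:\s*(\d+)\s*secs\s+"
                        r"Hits:\s*(\d+)\s+Action Taken:\s*(\d+)")
HASH_RE = re.compile(r"Total Hash:\s*(\d+)\s+Hash String:\s*(\S+)")
IP_RE = re.compile(r"^\s*\d+\)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_limit_sessions(text):
    """Parse CLI output into one dict per numbered session entry."""
    sessions, cur = [], None
    for line in text.splitlines():
        if m := SESSION_RE.match(line):
            cur = {"remaining": int(m[1]), "hits": int(m[2]),
                   "action_taken": int(m[3]), "hash_string": None, "ips": []}
            sessions.append(cur)
        elif cur is not None and (m := HASH_RE.search(line)):
            cur["hash_string"] = m[2]
        elif cur is not None and (m := IP_RE.match(line)):
            cur["ips"].append(m[1])
    return sessions


def compare(before, after):
    """Return (session key, status, hits delta, action delta) per session in `after`."""
    key = lambda s: (s["hash_string"], tuple(s["ips"]))
    old = {key(s): s for s in before}
    report = []
    for s in after:
        prev = old.get(key(s))
        # No earlier entry, or a timer that went up: counters restarted, report absolutes.
        if prev is None or s["remaining"] > prev["remaining"]:
            report.append((key(s), "new", s["hits"], s["action_taken"]))
        else:
            report.append((key(s), "updated", s["hits"] - prev["hits"],
                           s["action_taken"] - prev["action_taken"]))
    return report
```

Call `compare(parse_limit_sessions(first), parse_limit_sessions(second))` on two saved captures; a hits delta of 0 after a repeated query means the request did not reach the limit identifier.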
