Expressions Reference-Classic Expressions

Aug 31, 2016

The following sections contain tables listing the NetScaler classic expressions.

In the table of operators, the result type of each operator is shown at the beginning of the description. In the other tables, the level of each expression is shown at the beginning of the description. For named expressions, each expression is shown as a whole.

Operators

Expression Element

Definition

==

Boolean.

Returns TRUE if the current expression equals the argument. For text operations, the items being compared must exactly match one another. For numeric operations, the items must evaluate to the same number.

!=

Boolean.

Returns TRUE if the current expression does not equal the argument. For text operations, the items being compared must not exactly match one another. For numeric operations, the items must not evaluate to the same number.

CONTAINS

Boolean.

Returns TRUE if the current expression contains the string that is designated in the argument.

NOTCONTAINS

Boolean.

Returns TRUE if the current expression does not contain the string that is designated in the argument.

CONTENTS

Text.

Returns the contents of the current expression.

EXISTS

Boolean.

Returns TRUE if the item designated by the current expression exists.

NOTEXISTS

Boolean.

Returns TRUE if the item designated by the current expression does not exist.

>

Boolean.

Returns TRUE if the current expression evaluates to a number that is greater than the argument.

<

Boolean.

Returns TRUE if the current expression evaluates to a number that is less than the argument.

>=

Boolean.

Returns TRUE if the current expression evaluates to a number that is greater than or equal to the argument.

<=

Boolean.

Returns TRUE if the current expression evaluates to a number that is less than or equal to the argument.

General Expressions

Expression Element

Definition

REQ

Flow Type.

Operates on incoming (or request) packets.

REQ.HTTP

Protocol

Operates on HTTP requests.

REQ.HTTP.METHOD

Qualifier

Designates the HTTP method.

REQ.HTTP.URL

Qualifier

Designates the URL.

REQ.HTTP.URLTOKENS

Qualifier

Designates the URL token.

REQ.HTTP.VERSION

Qualifier

Designates the HTTP version.

REQ.HTTP.HEADER

Qualifier

Designates the HTTP header.

REQ.HTTP.URLLEN

Qualifier

Designates the number of characters in the URL.

REQ.HTTP.URLQUERY

Qualifier

Designates the query portion of the URL.

REQ.HTTP.URLQUERYLEN

Qualifier

Designates the length of the query portion of the URL.

REQ.SSL

Protocol

Operates on SSL requests.

REQ.SSL.CLIENT.CERT

Qualifier

Designates the entire client certificate.

REQ.SSL.CLIENT.CERT.SUBJECT

Qualifier

Designates the client certificate subject.

REQ.SSL.CLIENT.CERT.ISSUER

Qualifier

Designates the issuer of the client certificate.

REQ.SSL.CLIENT.CERT.SIGALGO

Qualifier

Designates the validation algorithm used by the client certificate.

REQ.SSL.CLIENT.CERT.VERSION

Qualifier

Designates the client certificate version.

REQ.SSL.CLIENT.CERT.VALIDFROM

Qualifier

Designates the date before which the client certificate is not valid.

REQ.SSL.CLIENT.CERT.VALIDTO

Qualifier

Designates the date after which the client certificate is not valid.

REQ.SSL.CLIENT.CERT.SERIALNUMBER

Qualifier

Designates the serial number of the client certificate.

REQ.SSL.CLIENT.CIPHER.TYPE

Qualifier

Designates the encryption protocol used by the client.

REQ.SSL.CLIENT.CIPHER.BITS

Qualifier

Designates the number of bits used by the client’s SSL key.

REQ.SSL.CLIENT.SSL.VERSION

Qualifier

Designates the SSL version that the client is using.

REQ.TCP

Protocol

Operates on incoming TCP packets.

REQ.TCP.SOURCEPORT

Qualifier

Designates the source port of the incoming packet.

REQ.TCP.DESTPORT

Qualifier

Designates the destination port of the incoming packet.

REQ.IP

Protocol

Operates on incoming IP packets.

REQ.IP.SOURCEIP

Qualifier

Designates the source IP of the incoming packet.

REQ.IP.DESTIP

Qualifier

Designates the destination IP of the incoming packet.

RES

Flow Type

Operates on outgoing (or response) packets.

RES.HTTP

Protocol

Operates on HTTP responses.

RES.HTTP.VERSION

Qualifier

Designates the HTTP version.

RES.HTTP.HEADER

Qualifier

Designates the HTTP header.

RES.HTTP.STATUSCODE

Qualifier

Designates the status code of the HTTP response.

RES.TCP

Protocol

Operates on incoming TCP packets.

RES.TCP.SOURCEPORT

Qualifier

Designates the source port of the outgoing packet.

RES.TCP.DESTPORT

Qualifier

Designates the destination port of the outgoing packet.

RES.IP

Protocol

Operates on outgoing IP packets.

RES.IP.SOURCEIP

Qualifier

Designates the source IP of the outgoing packet. This can be in IPv4 or IPv6 format. For example:

add expr exp3 "sourceip == 10.102.32.123 -netmask 255.255.255.0 && destip == 2001::23/120"

RES.IP.DESTIP

Qualifier

Designates the destination IP of the outgoing packet.

Client Security Expressions

Updated: 2013-10-21

Use these expressions to configure client settings on the Access Gateway for the following software:

  • Antivirus
  • Personal firewall
  • Antispam
  • Internet Security

For example usage, see http://support.citrix.com/article/CTX112599.

Actual Expression

Definition

CLIENT.APPLICATION.AV(<NAME>.VERSION == <VERSION>)

Checks whether the client is running the designated anti-virus program and version.

CLIENT.APPLICATION.AV(<NAME>.VERSION != <VERSION>)

Checks whether the client is not running the designated anti-virus program and version.

CLIENT.APPLICATION.PF(<NAME>.VERSION == <VERSION>)

Checks whether the client is running the designated personal firewall program and version.

CLIENT.APPLICATION.PF(<NAME>.VERSION != <VERSION>)

Checks whether the client is not running the designated personal firewall program and version.

CLIENT.APPLICATION.IS(<NAME>.VERSION == <VERSION>)

Checks whether the client is running the designated internet security program and version.

CLIENT.APPLICATION.IS(<NAME>.VERSION != <VERSION>)

Checks whether the client is not running the designated internet security program and version.

CLIENT.APPLICATION.AS(<NAME>.VERSION == <VERSION>)

Checks whether the client is running the designated anti-spam program and version.

CLIENT.APPLICATION.AS(<NAME>.VERSION != <VERSION>)

Checks whether the client is not running the designated anti-spam program and version.

Network-Based Expressions

Expression

Definition

REQ

Flow Type.

Operates on incoming, or request, packets.

REQ.VLANID

Qualifier.

Operates on the virtual LAN (VLAN) ID.

REQ.INTERFACE.ID

Qualifier.

Operates on the ID of the designated NetScaler interface.

REQ.INTERFACE.RXTHROUGHPUT

Qualifier.

Operates on the raw received packet throughput of the designated NetScaler interface.

REQ.INTERFACE.TXTHROUGHPUT

Qualifier.

Operates on the raw transmitted packet throughput of the designated NetScaler interface.

REQ.INTERFACE.RXTXTHROUGHPUT

Qualifier.

Operates on the raw received and transmitted packet throughput of the designated NetScaler interface.

REQ.ETHER.SOURCEMAC

Qualifier.

Operates on the source MAC address.

REQ.ETHER.DESTMAC

Qualifier.

Operates on the destination MAC address.

RES

Flow Type.

Operates on outgoing (or response) packets.

RES.VLANID

Qualifier.

Operates on the virtual LAN (VLAN) ID.

RES.INTERFACE.ID

Qualifier.

Operates on the ID of the designated NetScaler interface.

RES.INTERFACE.RXTHROUGHPUT

Qualifier.

Operates on the raw received packet throughput of the designated NetScaler interface.

RES.INTERFACE.TXTHROUGHPUT

Qualifier.

Operates on the raw transmitted packet throughput of the designated NetScaler interface.

RES.INTERFACE.RXTXTHROUGHPUT

Qualifier.

Operates on the raw received and transmitted packet throughput of the designated NetScaler interface.

RES.ETHER.SOURCEMAC

Qualifier.

Operates on the source MAC address.

RES.ETHER.DESTMAC

Qualifier.

Operates on the destination MAC address.

Date/Time Expressions

Expression

Definition

TIME

Qualifier.

Operates on the date and time of day, GMT.

DATE

Qualifier.

Operates on the date, GMT.

DAYOFWEEK

Operates on the specified day in the week, GMT.

File System Expressions

Updated: 2013-09-30

You can specify file system expressions in authorization policies for users and groups who access file sharing through the NetScaler Gateway file transfer utility (the VPN portal). These expressions work with the NetScaler Gateway file transfer authorization feature to control user access to file servers, folders, and files. For example, you can use these expressions in authorization policies to control access based on file type and size.

Expression

Definition

FS.COMMAND

Qualifier.

Operates on a file system command. The user can issue multiple commands on a file transfer portal (for example, ls to list files or mkdir to create a directory). This expression returns the current action that the user is taking.

Possible values: Neighbor, login, ls, get, put, rename, mkdir, rmdir, del, logout, any.

Following is an example:

add authorization policy pol1 "fs.command eq login && (fs.user eq administrator || fs.serverip eq 10.102.88.221 -netmask 255.255.255.252)" allow

FS.USER

Returns the user who is logged on to the file system.

FS.SERVER

Returns the host name of the target server. In the following example, the string win2k3-88-221 is the server name:

fs.server eq win2k3-88-221

FS.SERVERIP

Returns the IP address of the target server.

FS.SERVICE

Returns a shared root directory on the file server. If a particular folder is exposed as shared, a user can directly log on to the specified first level folder. This first level folder is called a service. For example, in the path \\hostname\SERVICEX\ETC, SERVICEX is the service. As another example, if a user accesses the file \\hostname\service1\dir1\file1.doc, FS.SERVICE will return service1.

Following is an example:

fs.service notcontains New

FS.DOMAIN

Returns the domain name of the target server.

FS.PATH

Returns the complete path of the file being accessed. For example, if a user accesses the file \\hostname\service1\dir1\file1.doc, FS.PATH will return \service1\dir1\file1.doc.

Following is an example:

fs.path notcontains SSL

FS.FILE

Returns the name of the file being accessed. For example, if a user accesses the file \\hostname\service1\dir1\file1.doc, FS.FILE will return file1.doc.

FS.DIR

Returns the directory being accessed. For example, if a user accesses the file \\hostname\service1\dir1\file1.doc, FS.DIR will return \service1\dir1.

FS.FILE.ACCESSTIME

Returns the time at which the file was last accessed. This is one of several options that provide you with granular control over actions that the user performs. (See the following entries in this table.)

FS.FILE.CREATETIME

Returns the time at which the file was created.

FS.FILE.MODIFYTIME

Returns the time at which the file was edited.

FS.FILE.WRITETIME

Returns the time of the most recent change in the status of the file.

FS.FILE.SIZE

Returns the file size.

FS.DIR.ACCESSTIME

Returns the time at which the directory was last accessed.

FS.DIR.CREATETIME

Returns the time at which the directory was created.

FS.DIR.MODIFYTIME

Returns the time at which the directory was last modified.

FS.DIR.WRITETIME

Returns the time at which the directory status last changed.

Note: File system expressions do not support regular expressions.
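The two IP examples on this page (sourceip/destip with -netmask and /120, and fs.serverip with -netmask 255.255.255.252) match a range of addresses, not only the address written in the rule. The following Python model is an added example, not Citrix code: it assumes the usual masked-comparison reading of -netmask and an exact string match for eq, and its function names and sample requests are constructed for illustration.

```python
import ipaddress

def operand_network(operand):
    """Parse 'ADDR -netmask MASK', 'ADDR/PREFIX' or a bare address into a network."""
    if "-netmask" in operand:
        addr, mask = (part.strip() for part in operand.split("-netmask"))
        operand = f"{addr}/{mask}"
    # strict=False accepts an address with host bits set (.221, ::23 on this page)
    return ipaddress.ip_network(operand.strip(), strict=False)

def matched_range(operand):
    """First and last address that the operand matches under the assumed semantics."""
    net = operand_network(operand)
    return str(net[0]), str(net[-1])

def ip_matches(candidate, operand):
    """True if candidate falls inside the masked range of the operand."""
    ip = ipaddress.ip_address(candidate)
    net = operand_network(operand)
    return ip.version == net.version and ip in net

def pol1_matches(req):
    """Model of the page's pol1 rule:
    fs.command eq login && (fs.user eq administrator ||
    fs.serverip eq 10.102.88.221 -netmask 255.255.255.252)"""
    return req["fs.command"] == "login" and (
        req["fs.user"] == "administrator"
        or ip_matches(req["fs.serverip"],
                      "10.102.88.221 -netmask 255.255.255.252")
    )

# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    {"fs.command": "login", "fs.user": "alice", "fs.serverip": "10.102.88.222"},
    {"fs.command": "login", "fs.user": "alice", "fs.serverip": "10.102.88.224"},
    {"fs.command": "login", "fs.user": "administrator", "fs.serverip": "192.0.2.10"},
    {"fs.command": "get", "fs.user": "administrator", "fs.serverip": "10.102.88.221"},
]

if __name__ == "__main__":
    for operand in ("10.102.88.221 -netmask 255.255.255.252",
                    "10.102.32.123 -netmask 255.255.255.0",
                    "2001::23/120"):
        print(operand, "->", matched_range(operand))
    for req in SAMPLE_REQUESTS:
        print(req, "->", "rule matches" if pol1_matches(req) else "no match")
```

When reviewing a policy like pol1, note that the user clause is joined with ||, so an administrator login matches regardless of the server address.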

Built-In Named Expressions (General)

Expression

Definition

ns_all_apps_ncomp

Tests for connections with destination ports between 0 and 65535. In other words, tests for all applications.

ns_cachecontrol_nocache

Tests for connections with an HTTP Cache-Control header that contains the value “no-cache”.

ns_cachecontrol_nostore

Tests for connections with an HTTP Cache-Control header that contains the value “no-store”.

ns_cmpclient

Tests the client to determine if it accepts compressed content.

ns_content_type

Tests for connections with an HTTP Content-Type header that contains “text”.

ns_css

Tests for connections with an HTTP Content-Type header that contains “text/css”.

ns_ext_asp

Tests for HTTP connections to any URL that contains the string .asp—in other words, any connection to an active server page (ASP).

ns_ext_cfm

Tests for HTTP connections to any URL that contains the string .cfm

ns_ext_cgi

Tests for HTTP connections to any URL that contains the string .cgi—in other words, any connection to a common gateway interface (CGI) script.

ns_ext_ex

Tests for HTTP connections to any URL that contains the string .ex

ns_ext_exe

Tests for HTTP connections to any URL that contains the string .exe—in other words, any connection to an executable file.

ns_ext_htx

Tests for HTTP connections to any URL that contains the string .htx

ns_ext_not_gif

Tests for HTTP connections to any URL that does not contain the string .gif—in other words, any connection to a URL that is not a GIF image.

ns_ext_not_jpeg

Tests for HTTP connections to any URL that does not contain the string .jpeg—in other words, any connection to a URL that is not a JPEG image.

ns_ext_shtml

Tests for HTTP connections to any URL that contains the string .shtml—in other words, any connection to a server-parsed HTML page.

ns_false

Always returns a value of FALSE.

ns_farclient

Client is in a different geographical region from the NetScaler, as determined by the geographical region in the client’s IP address. The following regions are predefined:

192.0.0.0 – 193.255.255.255: Multi-regional

194.0.0.0 – 195.255.255.255: European Union

196.0.0.0 – 197.255.255.255: Other1

198.0.0.0 – 199.255.255.255: North America

200.0.0.0 – 201.255.255.255: Central and South America

202.0.0.0 – 203.255.255.255: Pacific Rim

204.0.0.0 – 205.255.255.255: Other2

206.0.0.0 – 207.255.255.255: Other3

ns_header_cookie

Tests for HTTP connections that contain a Cookie header.

ns_header_pragma

Tests for HTTP connections that contain a Pragma: no-cache header.

ns_mozilla_47

Tests for HTTP connections whose User-Agent header contains the string Mozilla/4.7—in other words, any connection from a client using the Mozilla 4.7 Web browser.

ns_msexcel

Tests for HTTP connections whose Content-Type header contains the string application/vnd.msexcel—in other words, any connection transmitting a Microsoft Excel spreadsheet.

ns_msie

Tests for HTTP connections whose User-Agent header contains the string MSIE—in other words, any connection from a client using any version of the Internet Explorer Web browser.

ns_msppt

Tests for HTTP connections whose Content-Type header contains the string application/vnd.ms-powerpoint—in other words, any connection transmitting a Microsoft PowerPoint file.

ns_msword

Tests for HTTP connections whose Content-Type header contains the string application/vnd.msword—in other words, any connection transmitting a Microsoft Word file.

ns_non_get

Tests for HTTP connections that use any HTTP method except for GET.

ns_slowclient

Returns TRUE if the average round trip time between the client and the NetScaler is more than 80 milliseconds.

ns_true

Returns TRUE for all traffic.

ns_url_path_bin

Tests the URL path to see if it points to the /bin/ directory.

ns_url_path_cgibin

Tests the URL path to see if it points to the CGI-BIN directory.

ns_url_path_exec

Tests the URL path to see if it points to the /exec/ directory.

ns_url_tokens

Tests for the presence of URL tokens.

ns_xmldata

Tests for the presence of XML data.

Built-In Named Expressions (Anti-Virus)

Expression

Definition

McAfee Virus Scan 11

Tests to determine whether the client is running the latest version of McAfee VirusScan.

McAfee Antivirus

Tests to determine whether the client is running any version of McAfee Antivirus.

Symantec AntiVirus 10 (with Updated Definition File)

Tests to determine whether the client is running the most current version of Symantec AntiVirus.

Symantec AntiVirus 6.0

Tests to determine whether the client is running Symantec AntiVirus 6.0.

Symantec AntiVirus 7.5

Tests to determine whether the client is running Symantec AntiVirus 7.5.

TrendMicro OfficeScan 7.3

Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3.

TrendMicro AntiVirus 11.25

Tests to determine whether the client is running Trend Microsystems’ AntiVirus, version 11.25.

Sophos Antivirus 4

Tests to determine whether the client is running Sophos Antivirus, version 4.

Sophos Antivirus 5

Tests to determine whether the client is running Sophos Antivirus, version 5.

Sophos Antivirus 6

Tests to determine whether the client is running Sophos Antivirus, version 6.

Built-In Named Expressions (Personal Firewall)

Expression

Definition

TrendMicro OfficeScan 7.3

Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3.

Sygate Personal Firewall 5.6

Tests to determine whether the client is running the Sygate Personal Firewall, version 5.6.

ZoneAlarm Personal Firewall 6.5

Tests to determine whether the client is running the ZoneAlarm Personal Firewall, version 6.5.

Built-In Named Expressions (Client Security)

Expression

Definition

Norton Internet Security

Tests to determine whether the client is running any version of Norton Internet Security.