
Summary Examples of Default Syntax Expressions and Policies

Aug 31, 2016

The following table provides examples of default syntax expressions that you can use as the basis for your own default syntax expressions.

Table 1. Examples of Default Syntax Expressions

Expression Type

Sample Expressions

Look at the method used in the HTTP request.

http.req.method.eq(post)

http.req.method.eq(get)

Check the Cache-Control or Pragma header value in an HTTP request (req) or response (res).

http.req.header("Cache-Control").contains("no-store")

http.req.header("Cache-Control").contains("no-cache")

http.req.header("Pragma").contains("no-cache")

http.res.header("Cache-Control").contains("private")

http.res.header("Cache-Control").contains("public")

http.res.header("Cache-Control").contains("must-revalidate")

http.res.header("Cache-Control").contains("proxy-revalidate")

http.res.header("Cache-Control").contains("max-age")

Check for the presence of a header in a request (req) or response (res).

http.req.header("myHeader").exists

http.res.header("myHeader").exists

Look for a particular file type in an HTTP request based on the file extension.

http.req.url.contains(".html")

http.req.url.contains(".cgi")

http.req.url.contains(".asp")

http.req.url.contains(".exe")

http.req.url.contains(".cfm")

http.req.url.contains(".ex")

http.req.url.contains(".shtml")

http.req.url.contains(".htx")

http.req.url.contains("/cgi-bin/")

http.req.url.contains("/exec/")

http.req.url.contains("/bin/")

Look for anything other than a particular file type in an HTTP request.

http.req.url.contains(".gif").not

http.req.url.contains(".jpeg").not

Check the type of file that is being sent in an HTTP response based on the Content-Type header.

http.res.header("Content-Type").contains("text")

http.res.header("Content-Type").contains("application/msword")

http.res.header("Content-Type").contains("vnd.ms-excel")

http.res.header("Content-Type").contains("application/vnd.ms-powerpoint")

http.res.header("Content-Type").contains("text/css")

http.res.header("Content-Type").contains("text/xml")

http.res.header("Content-Type").contains("image/")

Check whether this response contains an expiration header.

http.res.header("Expires").exists

Check for a Set-Cookie header in a response.

http.res.header("Set-Cookie").exists

Check the agent that sent the response.

http.res.header("User-Agent").contains("Mozilla/4.7")

http.res.header("User-Agent").contains("MSIE")

Check whether the first 1024 bytes of the body of a request contain the string “some text”.

http.req.body(1024).contains("some text")

The following table shows examples of policy configurations and bindings for commonly used functions.

Table 2. Examples of Default Syntax Expressions and Policies

Purpose

Example

Use the rewrite feature to replace occurrences of http:// with https:// in the body of an HTTP response.

add rewrite action httpRewriteAction replace_all http.res.body(50000) "\"https://\"" -pattern http://

add rewrite policy demo_rep34312 "http.res.body(50000).contains(\"http://\")" httpRewriteAction

Replace all occurrences of “abcd” with “1234” in the first 1000 bytes of the HTTP body.

add rewrite action abcdTo1234Action replace_all "http.req.body(1000)" "\"1234\"" -pattern abcd

add rewrite policy abcdTo1234Policy "http.req.body(1000).contains(\"abcd\")" abcdTo1234Action

bind rewrite global abcdTo1234Policy 100 END -type REQ_OVERRIDE

Downgrade the HTTP version to 1.0 to prevent the server from chunking HTTP responses.

add rewrite action downgradeTo1.0Action replace http.req.version.minor "\"0\""

add rewrite policy downgradeTo1.0Policy "http.req.version.minor.eq(1)" downgradeTo1.0Action

bind lb vserver myLBVserver -policyName downgradeTo1.0Policy -priority 100 -gotoPriorityExpression NEXT -type REQUEST

Remove references to the HTTP or HTTPS protocol in all responses, so that if the user's connection is HTTP, the link is opened by using HTTP, and if the user's connection is HTTPS, the link is opened by using HTTPS.

add rewrite action remove_http_https replace_all "http.res.body(1000000).set_text_mode(ignorecase)" "\"//\"" -pattern "re~https?://|HTTPS?://~"

add rewrite policy remove_http_https true remove_http_https

bind lb vserver test_vsvr -policyName remove_http_https -priority 20 -gotoPriorityExpression NEXT -type RESPONSE

Rewrite instances of http:// to https:// in all URLs.

This policy uses the responder functionality.

add responder action httpToHttpsAction redirect "\"https://\" + http.req.hostname + http.req.url" -bypassSafetyCheck YES

add responder policy httpToHttpsPolicy "!CLIENT.SSL.IS_SSL" httpToHttpsAction

bind responder global httpToHttpsPolicy 1 END -type OVERRIDE

Modify a URL to redirect from URL A to URL B. In this example, “file5.html” is appended to the path.

This policy uses the responder functionality.

add responder action appendFile5Action redirect "\"http://\" + http.req.hostname + http.req.url + \"/file5.html\"" -bypassSafetyCheck YES

add responder policy appendFile5Policy "http.req.url.eq(\"/testsite\")" appendFile5Action

bind responder global appendFile5Policy 1 END -type OVERRIDE

Redirect an external URL to an internal URL.

add rewrite action act_external_to_internal REPLACE 'http.req.hostname.server' '"www.my.host.com"'

add rewrite policy pol_external_to_internal 'http.req.hostname.server.eq("www.external.host.com")' act_external_to_internal

bind rewrite global pol_external_to_internal 100 END -type REQ_OVERRIDE

Redirect requests to www.example.com that have a query string to www.Webn.example.com. The value n is derived from a server parameter in the query string, for example, server=5.

add rewrite action act_redirect_query REPLACE 'http.req.header("Host").before_str(".example.com")' '"Web" + http.req.url.query.value("server")'

add rewrite policy pol_redirect_query 'http.req.header("Host").eq("www.example.com") && http.req.url.contains("?")' act_redirect_query

Limit the number of requests per second from a URL.

add ns limitSelector ip_limit_selector http.req.url "client.ip.src"

add ns limitIdentifier ip_limit_identifier -threshold 4 -timeSlice 3600 -mode request_rate -limitType smooth -selectorName ip_limit_selector

add responder action my_Web_site_redirect_action redirect "\"http://www.mycompany.com/\""

add responder policy ip_limit_responder_policy "http.req.url.contains(\"myasp.asp\") && sys.check_limit(\"ip_limit_identifier\")" my_Web_site_redirect_action

bind responder global ip_limit_responder_policy 100 END -type default

Check the client IP address but pass the request without modifying the request.

add rewrite policy check_client_ip_policy 'HTTP.REQ.HEADER("x-forwarded-for").EXISTS || HTTP.REQ.HEADER("client-ip").EXISTS' NOREWRITE

bind rewrite global check_client_ip_policy 100 END

Remove old headers from a request and insert an NS-Client header.

add rewrite action del_x_forwarded_for delete_http_header x-forwarded-for

add rewrite action del_client_ip delete_http_header client-ip

add rewrite policy check_x_forwarded_for_policy 'HTTP.REQ.HEADER("x-forwarded-for").EXISTS' del_x_forwarded_for

add rewrite policy check_client_ip_policy 'HTTP.REQ.HEADER("client-ip").EXISTS' del_client_ip

add rewrite action insert_ns_client_header insert_http_header NS-Client 'CLIENT.IP.SRC'

add rewrite policy insert_ns_client_policy 'HTTP.REQ.HEADER("x-forwarded-for").EXISTS || HTTP.REQ.HEADER("client-ip").EXISTS' insert_ns_client_header

bind rewrite global check_x_forwarded_for_policy 100 200

bind rewrite global check_client_ip_policy 200 300

bind rewrite global insert_ns_client_policy 300 END

Remove old headers from a request, insert an NS-Client header, and then modify the “insert header” action so that the value of the inserted header contains the client IP values from the old headers and the NetScaler appliance's connection IP address.

Note that this example repeats the previous example, with the exception of the final set rewrite action.

add rewrite action del_x_forwarded_for delete_http_header x-forwarded-for

add rewrite action del_client_ip delete_http_header client-ip

add rewrite policy check_x_forwarded_for_policy 'HTTP.REQ.HEADER("x-forwarded-for").EXISTS' del_x_forwarded_for

add rewrite policy check_client_ip_policy 'HTTP.REQ.HEADER("client-ip").EXISTS' del_client_ip

add rewrite action insert_ns_client_header insert_http_header NS-Client 'CLIENT.IP.SRC'

add rewrite policy insert_ns_client_policy 'HTTP.REQ.HEADER("x-forwarded-for").EXISTS || HTTP.REQ.HEADER("client-ip").EXISTS' insert_ns_client_header

bind rewrite global check_x_forwarded_for_policy 100 200

bind rewrite global check_client_ip_policy 200 300

bind rewrite global insert_ns_client_policy 300 END

set rewrite action insert_ns_client_header -stringBuilderExpr 'HTTP.REQ.HEADER("x-forwarded-for").VALUE(0) + " " + HTTP.REQ.HEADER("client-ip").VALUE(0) + " " + CLIENT.IP.SRC' -bypassSafetyCheck YES
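
The header handling configured in the last example, modelled in Python to show what the back-end server receives. This is an added illustration, not Citrix code and not part of the original page. It assumes that the policy rules and the string-builder expression are evaluated against the request as the client sent it, that each header occurs at most once, and that a missing header contributes an empty string. The function names and sample requests are hypothetical.

```python
# Added model of the three bound rewrite policies; not NetScaler code.
# Assumptions: expressions see the request as received, each header occurs
# at most once, and a missing header contributes an empty string.

OLD_HEADERS = ("x-forwarded-for", "client-ip")

def find(req, name):
    """Return (exists, value) for a header, matching names case-insensitively."""
    for key, value in req.items():
        if key.lower() == name:
            return True, value
    return False, ""

def apply_policies(req, client_ip_src):
    """Return the headers the back end sees after priorities 100, 200 and 300."""
    has_xff, xff = find(req, "x-forwarded-for")
    has_cip, cip = find(req, "client-ip")
    # Priorities 100 and 200: delete_http_header for each old header.
    out = {k: v for k, v in req.items() if k.lower() not in OLD_HEADERS}
    # Priority 300: NS-Client is inserted only if an old header existed.
    if has_xff or has_cip:
        out["NS-Client"] = xff + " " + cip + " " + client_ip_src
    return out

def trusted_client_ip(ns_client):
    """Only the last space-separated field was written from CLIENT.IP.SRC;
    everything before it is copied from client-supplied headers."""
    return ns_client.rsplit(" ", 1)[-1]

# Constructed sample requests (documentation-range addresses).
SAMPLES = [
    ({"Host": "www.example.com", "X-Forwarded-For": "203.0.113.7"},
     "198.51.100.20"),
    ({"Host": "www.example.com", "X-Forwarded-For": "10.0.0.1 127.0.0.1",
      "Client-IP": "192.0.2.9"}, "198.51.100.20"),
    ({"Host": "www.example.com"}, "198.51.100.20"),
]

if __name__ == "__main__":
    for req, src in SAMPLES:
        out = apply_policies(req, src)
        ns = out.get("NS-Client")
        print(out, "->", trusted_client_ip(ns) if ns else "no NS-Client header")
```

A back end that uses NS-Client for access control or logging should read the field written from CLIENT.IP.SRC and treat the preceding fields as unverified, and it should expect no NS-Client header at all on requests that carried neither old header.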