User's Manual

ManualsBrandsCitrix Systems ManualsNetwork RouterCitrix Systems Network Router 9.2

201

202

203

204

205

206

207

208

209

210

194 Citrix NetScaler Policy Configuration and Reference Guide

sys.http_callout(authCallout).contains("someText")

If the return type is NUM, the following expression is valid:

sys.http_callout(authCallout).gt(500)

The following example shows the use of SYS.HTTP_CALLOUT to retrieve a

source IP address and insert it in a header of an HTTP request. (Bold is used for

emphasis.)

set policy httpCallout extractSrcIPCallout -ipAddress 10.101.

10.10 -port 80 -returnType text -hostExpr

"\"10.101.10.10\""

-urlStemExpr

"\"/mysite/index.html\"" -resultExpr 'server.ip.

src'

add rewrite action insertSrcIPAction insert_http_header Name

"sys.http_callout(extractSrcIPCallout)" -bypassSafetyCheck yes

add rewrite policy insertSrcIPPolicy

"http.req.

header(\

"MyHeader\").exists" insertSrcIPAction

bind rewrite global insertHostHeaderPolicy 100 END -type

req_default

The following example shows the use of SYS.HTTP_CALLOUT to retrieve

notification regarding whether a client IP address is blocked from a server and

configure a “You are banned” message in the Responder. (Bold is used for

emphasis.)

add policy httpCallout blockedCalloutPolicy

set policy httpCallout blockedCalloutPolicy -returnType text

-ipAddress 10.100.10.10 -port 80 -fullReqExpr '

"Get

/cgi-bin/is_ip_blocked?ip=

" + client.ip.src + "http/1.1\r\n" +

"Host: my_server\r\n\r\n"' -resultExpr 'http.res.

header(

"Result")'

add responder action blockedResponderAction respondwith

"HTTP/1.1 200OK\r\n Content=Length: 17 \r\n\r\nYour IP is

banned

add responder policy blockedResponderPolicy

"http.req.url.

eq(

"/") && sys.http.callout(blockedCalloutPolicy).

eq(

"Blocked") blockedResponderAction

bind responder global blockedResponderPolicy 100 END -type

res_override

Notes on Invoking a Callout

When invoking an HTTP callout in a policy or an action, be sure that the callout

invocation does not trigger additional callouts. For example, a policy should not

invoke an HTTP callout named MyCalloutPL if the policy expression contains

the URL /mycallout.pl. The following is an example: