Configure a cache redirection policy
A cache redirection policy includes one or more expressions (also called rules). Each expression represents a condition that is evaluated when the client request is compared to the policy.
You do not explicitly configure actions for cache redirection policies. By default, the Citrix ADC appliance considers any request that matches a policy to be non-cacheable and directs the request to the origin server instead of the cache.
Cache redirection policies based on the classic policy format are called classic cache redirection policies. Each such policy has a name and includes a classic expression or a set of classic expressions that are combined by using logical operators.
For classic cache redirection policies, you do not explicitly configure actions for the policies. By default, the Citrix ADC appliance considers any request that matches a policy to be non-cacheable and directs the request to the origin server instead of the cache.
Cache redirection policies based on the newer policy format are called Advanced redirection policies. Such policy has a name and includes a default syntax expression, or a set of default syntax expressions that are combined by using logical operators, and the following built-in actions:
- CACHE
- ORIGIN
For more information about classic expressions and default syntax expressions, see Policies and Expressions.
Add a cache redirection policy by using the CLI
At the command prompt, type the following commands to add a cache redirection policy and verify the configuration:
- add cr policy <policyName> **-rule** <expression>
- show cr policy [<policyName>]
<!--NeedCopy-->
Examples:
Policy with a simple expression:
> add cr policy Policy-CRD-1 -rule "REQ.HTTP.URL != /*.jpeg"
Done
> show cr policy Policy-CRD-1
Cache-By-Pass RULE: REQ.HTTP.URL != '/*.jpeg' Policy:Policy-CRD-1
Done
<!--NeedCopy-->
Policy with a compound expression:
> add cr policy Policy-CRD-2 -rule "REQ.HTTP.METHOD == POST && (REQ.HTTP.URL == /*.cgi || REQ.HTTP.URL != /*.gif)"
Done
> show cr policy Policy-CRD-2
Cache-By-Pass RULE: REQ.HTTP.METHOD == POST && (REQ.HTTP.URL == '/*.cgi' || REQ.HTTP.URL != '/*.gif') Policy:Policy-CRD-2
Done
<!--NeedCopy-->
Policy that evaluates a header:
> add cr policy Policy-CRD-3 -rule "REQ.HTTP.HEADER If-Modified-Since EXISTS"
Done
> show cr policy Policy-CRD-3
Cache-By-Pass RULE: REQ.HTTP.HEADER If-Modified-Since EXISTS Policy:Policy-CRD-3
Done
<!--NeedCopy-->
Add a default syntax cache redirection policy by using the CLI
At the command prompt, type the following commands to add a cache redirection policy and verify the configuration:
- add cr policy <policyName> **-rule** <expression> [-action<string>] [-logAction<string>]
- show cr policy [<policyName>]
<!--NeedCopy-->
Examples:
Policy with a simple expression:
> add cr policy crpol1 -rule !(HTTP.REQ.URL.ENDSWITH(".jpeg”)) -action origin
Done
> show cr policy crpoll
Policy: crpol1 Rule: !(HTTP.REQ.URL.ENDSWITH(".jpeg")) Action: ORIGIN
Done
<!--NeedCopy-->
Policy with a compound expression:
> add cr policy crpol11 -rule "http.req.method.eq(post) && (HTTP.REQ.URL.ENDSWITH(".gif") || HTTP.REQ.URL.ENDSWITH(".cgi"))" -action cache
Done
> show cr policy crpol11
Policy: crpol11 Rule: http.req.method.eq(post) && (HTTP.REQ.URL.ENDSWITH(".gif") || HTTP.REQ.URL.ENDSWITH(".cgi")) Action: CACHE
Done
<!--NeedCopy-->
Policy that evaluates a header:
> add cr policy crpol12 -rule http.req.header("If-Modified-Since").exists -action origin
Done
> show cr policy crpol12
Policy: crpol12 Rule: http.req.header("If-Modified-Since").exists Action: ORIGIN
Done
<!--NeedCopy-->
Modify or remove a cache redirection policy by using the CLI
- To modify a cache redirection policy, use the set cr policy command, which is just like add cr policy command, except that you enter the name of an existing policy.
- To remove a policy, use the
rm cr policy
command, which accepts only the <name> argument. If the policy is bound to a virtual server, you have to unbind the policy, before you can remove it.
For the details of unbinding a cache redirection policy, see “Unbind a policy from a cache redirection virtual server.”
Configure a cache redirection policy with a simple expression by using the GUI
-
Navigate to Traffic Management > Cache Redirection > Policies.
-
In the details pane, click Add.
-
In the Create Cache Redirection Policy dialog box, in the Name* text box, type the name of the policy, and then in the Expression area, click Add.
-
To configure a simple expression, enter the expression. Following is an example of an expression that checks for a .jpeg extension in a URL:
- Expression Type-General
- Flow Type -REQ
- Protocol -HTTP
- Qualifier -URL
- Operator - !=
- Value- /.jpeg
The simple expression in the following example checks for an If-Modified-Since header in a request:
- Expression Type -General
- Flow Type -REQ
- Protocol -HTTP
- Qualifier -HEADER
- Operator -EXISTS
- Header Name -If-Modified-Since
-
When you are finished entering the expression, click OK or Create, and then click Close.
Configure a cache redirection policy with a compound expression by using the GUI
-
Navigate to Traffic Management > Cache Redirection > Policies.
-
In the details pane, click Add.
-
In the Name text box, enter a name for the policy.
The name can begin with a letter, number, or the underscore symbol, and can consist of from one to 127 letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), and underscore (_) symbols. You should choose a name that will make it easy for others to tell what type of content this policy was created to detect.
-
Choose the type of compound expression that you want to create. Your choices are:
- Match Any Expression. The policy matches the traffic if one or more individual expressions match the traffic.
-
Match All Expressions. The policy matches the traffic only if every individual expression matches the traffic.
-
Tabular Expressions. Switches the Expressions list to a tabular format with three columns. In the rightmost column, you place one of the following operators:
- The AND [ && ] operator, to require that, to match the policy, a request must match both the current expression and the following expression.
-
The OR [
You can also group expressions in nested subgroups by selecting an existing expression and clicking one of the following operators:
- The BEGIN SUBGROUP [+ ( ] operator, which tells the Citrix ADC appliance to begin a nested subgroup with the selected expression. (To remove this operator from the expression, click -( .)
- The END SUBGROUP [+ ) ] operator, which tells the Citrix ADC appliance to end the current nested subgroup with the selected expression. (To remove this operator from the expression, click -) .)
-
Advanced Free-Form. Switches off the Expressions Editor entirely and turns the Expressions list into a text area in which you can type a compound expression. This is both the most powerful and the most difficult method of creating a policy expression, and is recommended only for those thoroughly familiar with the Citrix ADC classic expressions language.
For more information about creating classic expressions in the Advanced Free-Form text area, see “Configuring Classic Policies and Expressions”.
Caution: If you switch to Advanced Free Form expression editing mode, you cannot switch back to any of the other modes. Do not choose this expression editing mode unless you are sure that you want to use it.
-
If you chose Match Any Expression, Match All Expressions, or Tabular Expressions, click Add to display the Add Expression dialog box.
You should leave the expression type set to General for cache redirection policies.
-
In the Flow Type drop-down list, choose a flow type for your expression.
The flow type determines whether the policy examines incoming or outgoing connections. You have two choices:
- REQ. Configures the Citrix ADC appliance to examine incoming connections, or requests.
- RES. Configures the appliance to examine outgoing connections, or responses.
-
In the Protocol drop-down list, choose a protocol for your expression.
The protocol determines the type of information that the policy examines in the request or response. Depending upon whether you chose REQ or RES in the previous drop-down list, either all four or only three of the following choices are available:
- HTTP. Configures the appliance to examine the HTTP header.
- SSL. Configures the appliance to examine the SSL client certificate. Available only if you chose REQ (requests) in the previous drop-down list.
- TCP. Configures the appliance to examine the TCP header.
- IP. Configures the appliance to examine the source or destination IP address.
-
Choose a qualifier for your expression from the Qualifier drop-down list.
The contents of the Qualifier drop-down list depend on which protocol you chose. The following table describes the choices available for each protocol.
Table 1. Cache Redirection Policy Qualifiers Available for Each Protocol
Protocol Qualifier Definition HTTP METHOD HTTP method used in the request. - URL Contents of the URL header. - URLTOKENS URL tokens in the HTTP header. - VERSION HTTP version of the connection. - HEADER Header portion of the HTTP request. - URLLEN Length of the contents of the URL header. - URLQUERY Query portion of the contents of the URL header. - URLQUERYLEN Length of the query portion of the URL header. SSL CLIENT.CERT SSL client certificate as a whole. - CLIENT.CERT.SUBJECT Contents of the client certificate subject field. - CLIENT.CERT.ISSUER Client certificate issuer. - CLIENT.CERT.SIGALGO Signature algorithm used in the client certificate. - CLIENT.CERT.VERSION Client certificate version. - CLIENT.CERT.VALIDFROM Date from which the client certificate is valid. (The start date.) - CLIENT.CERT.VALIDTO Date after which the client certificate is no longer valid. (The end date.) - CLIENT.CERT.SERIALNUMBER Client certificate serial number. - CLIENT.CIPHER.TYPE Encryption method used in the client certificate. - CLIENT.CIPHER.BITS Number of significant bits in the encryption key. - CLIENT.SSL.VERSION SSL version of the client certificate. TCP SOURCEPORT Source port of the TCP connection. - DESTPORT Destination port of the TCP connection. - MSS Maximum segment size (MSS) of the TCP connection. IP SOURCEIP Source IP address of the connection. - DESTIP Destination IP address of the connection. -
Choose the operator for your expression from the Operator drop-down list.
Your choices depend on the qualifier you chose in the previous step. The complete list of operators that can appear in this drop-down list is:
- == . Matches the following text string exactly.
- != . Does not match the following text string.
-
. Is greater than the following integer.
- CONTAINS . Contains the following text string.
- CONTENTS . The contents of the designated header, URL, or URL query.
- EXISTS . The specified header or query exists.
- NOTCONTAINS . Does not contain the following text string.
- NOTEXISTS . The specified header or query does not exist.
If you want this policy to operate on requests sent to a specific Host, you can leave the default, the equals (==) sign.
-
If the Value text box is visible, type the appropriate string or number into the text box.
For example, if you want this policy to select requests sent to the host shopping.example.com, you would type that string in the Value text box.
-
If you chose HEADER as the qualifier, type the header you want in the Header Name text box.
-
Click OK to add your expression to the Expression list.
-
Repeat steps 4 through 11 to create additional expressions.
-
Click Close to close the Add Expression dialog box and return to the Create Cache Redirection Policy dialog box.
In this article
- Add a cache redirection policy by using the CLI
- Add a default syntax cache redirection policy by using the CLI
- Modify or remove a cache redirection policy by using the CLI
- Configure a cache redirection policy with a simple expression by using the GUI
- Configure a cache redirection policy with a compound expression by using the GUI