ADC

Setting the Default Action for a Responder Policy

The NetScaler appliance generates an undefined event (UNDEF event) when a request does not match a responder policy. The appliance then performs the default action assigned to undefined events. By default, the action forwards the request to the next feature such as load balancing, content filtering and so forth. This default behavior ensures the requests do not require any specific responder action to be sent to your Web servers. Also, the clients receive access to the content that they have requested.

If one or more websites your NetScaler appliance protects receive a significant number of invalid or malicious requests, however, you might want to change the default action to either reset the client connection or drop the request. In this type of configuration, you would write one or more responder policies that would match any legitimate requests, and simply redirect those requests to their original destinations. Your NetScaler appliance would then block any other requests as specified by the default action you configured.

You can assign any one of the following actions to an undefined event:

  • NOOP. The NOOP action aborts responder processing but does not alter the packet flow. So that the appliance continues to process requests that do not match any responder policy, and eventually forwards them to the requested URL unless another feature intervenes and blocks or redirects the request. This action is appropriate for normal requests to your Web servers and is the default setting.
  • RESET. If the undefined action is set to RESET, the appliance resets the client connection, informing the client that it must re-establish its session with the Web server. The action is appropriate for repeat requests for webpages that do not exist, or for connections that might be attempts to hack or probe your protected websites.
  • DROP. If the undefined action is set to DROP, the appliance silently drops the request without responding to the client in any way. This action is appropriate for requests that appear to be part of a DDoS attack or other sustained attack on your servers.

Note: UNDEF events are triggered only for client requests. No UNDEF events are triggered for responses.

To set the undefined action by using the NetScaler command line:

At the command prompt, type the following command to set the undefined action and verify the configuration:

  • set responder param -undefAction (RESET|DROP|NOOP) [-timeout <msecs>]
  • show responder param

Where,

timeout - Maximum time in milliseconds to allow for processing all the policies and their selected actions without interruption. If the timeout is reached then the evaluation causes an UNDEF to be raised and no further processing is performed.

Minimum value: 1

Maximum value: 5000

Example:

>set responder param -undefAction RESET -timeout 3900
 Done
> show responder param
Action Name: RESET
Timeout: 3900
 Done
>
<!--NeedCopy-->

Set the undefined action by using the GUI

  1. Navigate to AppExpert > Responder, and then under Settings, click the Change Responder Settings link.
  2. In the Set Responder Params page, set the following parameters:

    1. Global Undefined-Result Action. Undefined-result action is preferred in an unhandled processing exception in the responder policies and actions. Select NOOP, RESET, or DROP.
    2. Timeout. Maximum time in milliseconds to allow for processing all the policies and their selected actions without interruption. If the timeout is reached then the evaluation causes an UNDEF to be raised and no further processing is performed.
  3. Click OK.

GUI procedure to set undefined action for responder policy.

Setting the Default Action for a Responder Policy