-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
AppQOE Actions
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
AppQoE actions
After enabling the AppQoE feature, you must configure one or more actions for handling request.
Important:
No specific individual parameters are required to create an action, but you must include at least one parameter or you cannot create the action.
To configure an AppQoE action by using the command line
At the command prompt, type the following commands:
add appqoe action <name> [-priority <priority>] [-respondWith (ACS|NS) [<customfile>] [-altContentSvcName <string>] [-altContentPath <string>] [-maxConn <positive_integer>] [-delay <usecs>] [-polqDepth <positive_integer>] [-priqDepth <positive_integer>] [-dosTrigExpression <expression>] [-dosAction ( **SimpleResponse** | **HICResponse** )]show appqoe action
Example
To configure priority queuing with policy queue depths of 10 and 1000 for medium and lowest priority queues, respectively:
> add appqoe action appqoe-act-basic-prhigh -priority HIGH
Done
> add appqoe action appqoe-act-basic-prmedium -priority MEDIUM -polqDepth 10
Done
> add appqoe action appqoe-act-basic-prlow -priority LOW -polqDepth 1000
Done
> show appqoe action
1. Name: appqoe-act-basic-prhigh
ActionType: PRIORITY_QUEUING
Priority: HIGH
PolicyQdepth: 0
Qdepth: 0
1. Name: appqoe-act-basic-prmedium
ActionType: PRIORITY_QUEUING
Priority: MEDIUM
PolicyQdepth: 10
Qdepth: 0
1. Name: appqoe-act-basic-prlow
ActionType: PRIORITY_QUEUING
Priority: LOW
PolicyQdepth: 1000
Qdepth: 0
Done
<!--NeedCopy-->
To modify an existing AppQoE action by using the command line
At the command prompt, type the following commands:
set appqoe action <name> [-priority <priority>] [-altContentSvcName <string>] [-altContentPath <string>] [-polqDepth <positive_integer>] [-priqDepth <positive_integer>] [-maxConn <positive_integer>] [-delay <usecs>] [-dosTrigExpression <expression>] [-dosAction ( SimpleResponse | HICResponse )]show appqoe action
To remove an AppQoE action by using the command line
At the command prompt, type the following commands:
rm appqoe action <name>show appqoe action
Parameters for configuring an AppQoE action
-
name. A name for the new action, or the name of the existing action that you want to modify. The name can begin with a letter, number, or the underscore symbol, and can consist of from one to letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore (_) symbols.
-
priority. The priority queue to which the request is assigned. When a protected web server or application is heavily loaded and cannot accept additional requests, specifies the order in which waiting requests are to be fulfilled when resources are available. The choices are:
- HIGH. Fulfills the request as soon as resources are available.
- MEDIUM. Fulfills the request after it has fulfilled all requests in the HIGH priority queue.
- LOW. Fulfills the request after it has fulfilled all requests in the HIGH and MEDIUM priority queues.
- LOWEST. Fulfills the request only after it has fulfilled all requests in higher-priority queues.
If priority is not configured, then the Citrix ADC appliance assigns the request to the LOWEST priority queue by default.
-
respondWith. Configures the Citrix ADC to take the specified Responder action when the specified threshold is reached. Must be used with one of the following settings:
- ACS: Serves content from an alternate content service. Threshold: maxConn (maximum connections) or delay.
- NS: Serves a built-in response from the Citrix ADC. Threshold: maxConn (maximum connections) or delay.
- NO ACTION: Serves no alternative content. Assigns connections to the LOWEST priority queue if the maxConn (maximum connections) or delay threshold is reached.
-
altContentSvcName. If -responseWith ACS is specified, the name of the alternative content service, usually an absolute URL to the web server that hosts the alternate content.
-
altContentPath. If -responseWith ( ACS NS ) is specified, the path to the alternative content. -
olqDepth. Policy queue depth threshold value for the policy queue associated with this action. When the number of connections in the policy queue associated with this action increases to the specified number, subsequent requests are assigned to the LOWEST policy queue. Minimum value: 1 Maximum value: 4,294,967,294
-
priqDepth. Policy queue depth threshold value for the specified priority queue. If the number of requests in the specified queue on the virtual server to which the policy associated with the current action is bound increases to the specified number, subsequent requests are assigned to the LOWEST priority queue. Minimum value: 1 Maximum value: 4,294,967,294
-
maxConn. The maximum number of connections that can be open for requests that match the policy rule. Minimum value: 1 Maximum value: 4,294,967,294
-
delay. The delay threshold, in microseconds, for requests that match the policy rule. If a matching request has been delayed for longer than the threshold, the Citrix ADC appliance performs the specified action. If NO ACTION is specified, then the appliance assigns requests to the LOWEST priority queue. Minimum value: 1 Maximum value: 599999,999
-
dosTrigExpression. Adds an optional second-level check to trigger DoS actions.
- dosAction. Action to take when the appliance determines that it or a protected server is under DoS attack. Possible values: SimpleResponse, HICResponse.
These values specify HTTP challenge-response methods for validating the authenticity of incoming requests to mitigate an HTTP-DDoS attack.
In the HTTP challenge-response generation and validation process, AppQoE uses cookies to validate the client’s response and verify that the client seems to be genuine. When sending a challenge, a Citrix ADC appliance generates two cookies:
Header cookie (_DOSQ). Contains client-specific information, so that the Citrix ADC appliance can verify the response.
Body cookie (_DOSH). Information used to validate the client machine. The client’s browser (or the user, in the case of HIC) computes a value for this cookie. The Citrix ADC appliance compares that value with the expected value to verify the client.
The information that the appliance sends to the client for computing the _DOSH value is based on the DoS Action configuration.
-
SimpleResponse: In this case, a Citrix ADC appliance splits the value and generates a JavaScript code to combine the final value. A client machine capable of computing the original value is considered genuine.
-
HICResponse: in this case, a Citrix ADC appliance generates two single-digit numbers and generates images for those numbers. Then, using a backpatch framework, the appliance inserts those images as base64 strings.
Limitations
-
This is not a trivial CAPTCHA implementation, which is why that term not used.
-
The validation number is based on a Citrix ADC-generated number that does not change for 120s. This number should be dynamic or client specific.
To configure an AppQoE action by using the configuration utility
- Navigate to App-Expert > AppQoE > Actions.
- In the details pane, do one of the following:
- To create a new action, click Add.
- To modify an existing action, select the action, and then click Edit.
- In the Create AppQoE Action or the Configure AppQoE Action screen, type or select values for the parameters. The contents of the dialog box correspond to the parameters described in “Parameters for configuring the AppQoE Action” as follows (asterisk indicates a required parameter):
- Name—name
- Action type—respondWith
- Priority—priority
- Policy Queue Depth—polqDepth
- Queue Depth—priqDepth
- DOS Action—dosAction
- Click Create or OK.
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.