ADC

About evaluating HTTP and TCP payload

The payload of an HTTP request or response consists of HTTP protocol information such as headers, a URL, body content, a version, and status information. When you configure a default syntax expression to evaluate HTTP payload, you use a default syntax expression prefix and, if necessary, an operator.

For example, use the following expression, which includes the http.req.header("<header_name>") prefix and the exists operator, if you want to determine whether an HTTP connection includes a custom header named “myHeader”:

http.req.header("myHeader").exists

You can also combine multiple advanced policy expressions with Boolean and arithmetic operators. For example, the following compound expression can be useful with various Citrix ADC features, such as Integrated Caching, Rewrite, and Responder. This expression first uses the && Boolean operator to determine whether an HTTP connection includes the Content-Type header with a value of “text/html.” If that operation returns a value of FALSE, the expression determines whether the HTTP connection includes a “Transfer-Encoding” or “Content-Length” header.

(http.req.header("Content-Type").exists && http.req.header("Content-Type").eq("text/html")) || (http.req.header("Transfer-Encoding").exists) || (http.req.header("Content-Length").exists)

The payload of a TCP or UDP packet is the data portion of the packet. You can configure Advanced policy expressions to examine features of a TCP or UDP packet, including the following:

  • Source and destination domains

  • Source and destination ports

  • The text in the payload

  • Record types

The following expression prefixes extract text from the body of the payload:

  • HTTP.REQ.BODY(integer). Returns the body of an HTTP request as a multiline text object, up to the character position designated in the integer argument. If there are fewer characters in the body than is specified in the argument, the entire body is returned.

Note:

The HTTP.REQ based expressions don’t work with the SSL_BRIDGE protocol type.

  • HTTP.RES.BODY(integer). Returns a portion of the HTTP response body. The length of the returned text is equal to the number in the integer argument. If there are fewer characters in the body than is specified in an integer, the entire body is returned.
  • CLIENT.TCP.PAYLOAD(integer). Returns TCP payload data as a string, starting with the first character in the payload and continuing for the number of characters in the integer argument.

Following is an example that evaluates to TRUE if a response body of 1024 bytes contains the string “https”, and this string occurs after the string “start string” and before the string “end string”:

http.res.body(1024).after_str("start_string").before_str("end_string").contains("https")

Note:

You can apply any text operation to the payload body. For information on operations that you can apply to text, see Advanced policy expressions: Evaluating text.

About evaluating HTTP and TCP payload