Expressions reference-classic expressions
Warning
Classic policy expressions are no longer supported from Citrix ADC 12.0 build 56.20 onwards. As an alternative, Citrix recommends that you use Advanced policies. For more information, see Advanced Policies.
The subtopics listed in the table of contents on the left side of your screen contain tables listing the Citrix ADC classic expressions.
In the table of operators, the result type of each operator is shown at the beginning of the description. In the other tables, the level of each expression is shown at the beginning of the description. For named expressions, each expression is shown as a whole.
Operators
Expression Element | Definition |
---|---|
== | Boolean. Returns TRUE if the current expression equals the argument. For text operations, the items being compared must exactly match one another. For numeric operations, the items must evaluate to the same number. |
!= | Boolean. Returns TRUE if the current expression does not equal the argument. For text operations, the items being compared must not exactly match one another. For numeric operations, the items must not evaluate to the same number. |
CONTAINS | Boolean. Returns TRUE if the current expression contains the string that is designated in the argument. |
NOTCONTAINS | Boolean. Returns TRUE if the current expression does not contain the string that is designated in the argument. |
CONTENTS | Text. Returns the contents of the current expression. |
EXISTS | Boolean. Returns TRUE if the item designated by the current expression exists. |
NOTEXISTS | Boolean. Returns TRUE if the item designated by the current expression does not exist. |
> | Boolean. Returns TRUE if the current expression evaluates to a number that is greater than the argument. |
< | Boolean. Returns TRUE if the current expression evaluates to a number that is less than the argument. |
>= | Boolean. Returns TRUE if the current expression evaluates to a number that is greater than or equal to the argument. |
<= | Boolean. Returns TRUE if the current expression evaluates to a number that is less than or equal to the argument. |
General expressions
Expression Element | Definition |
---|---|
REQ | Flow Type. Operates on incoming (or request) packets. |
REQ.HTTP | Protocol. Operates on HTTP requests. |
REQ.HTTP.METHOD | Qualifier. Designates the HTTP method. |
REQ.HTTP.URL | Qualifier. Designates the URL. |
REQ.HTTP.URLTOKENS | Qualifier. Designates the URL token. |
REQ.HTTP.VERSION | Qualifier. Designates the HTTP version. |
REQ.HTTP.HEADER | Qualifier. Designates the HTTP header. |
REQ.HTTP.URLLEN | Qualifier. Designates the number of characters in the URL. |
REQ.HTTP.URLQUERY | Qualifier. Designates the query portion of the URL. |
REQ.HTTP.URLQUERYLEN | Qualifier. Designates the length of the query portion of the URL. |
REQ.SSL | Protocol. Operates on SSL requests. |
REQ.SSL.CLIENT.CERT | Qualifier. Designates the entire client certificate. |
REQ.SSL.CLIENT.CERT.SUBJECT | Qualifier. Designates the client certificate subject. |
REQ.SSL.CLIENT.CERT.ISSUER | Qualifier. Designates the issuer of the client certificate. |
REQ.SSL.CLIENT.CERT.SIGALGO | Qualifier. Designates the validation algorithm used by the client certificate. |
REQ.SSL.CLIENT.CERT.VERSION | Qualifier. Designates the client certificate version. |
REQ.SSL.CLIENT.CERT.VALIDFROM | Qualifier. Designates the date before which the client certificate is not valid. |
REQ.SSL.CLIENT.CERT.VALIDTO | Qualifier. Designates the date after which the client certificate is not valid. |
REQ.SSL.CLIENT.CERT.SERIALNUMBER | Qualifier. Designates the serial number of the client certificate. |
REQ.SSL.CLIENT.CIPHER.TYPE | Qualifier. Designates the encryption protocol used by the client. |
REQ.SSL.CLIENT.CIPHER.BITS | Qualifier. Designates the number of bits used by the client’s SSL key. |
REQ.SSL.CLIENT.SSL.VERSION | Qualifier. Designates the SSL version that the client is using. |
REQ.TCP | Protocol. Operates on incoming TCP packets. |
REQ.TCP.SOURCEPORT | Qualifier. Designates the source port of the incoming packet. |
REQ.TCP.DESTPORT | Qualifier. Designates the destination port of the incoming packet. |
REQ.IP | Protocol. Operates on incoming IP packets. |
REQ.IP.SOURCEIP | Qualifier. Designates the source IP of the incoming packet. |
REQ.IP.DESTIP | Qualifier. Designates the destination IP of the incoming packet. |
RES | Flow Type. Operates on outgoing (or response) packets. |
RES.HTTP | Protocol. Operates on HTTP responses. |
RES.HTTP.VERSION | Qualifier. Designates the HTTP version. |
RES.HTTP.HEADER | Qualifier. Designates the HTTP header. |
RES.HTTP.STATUSCODE | Qualifier. Designates the status code of the HTTP response. |
RES.TCP | Protocol. Operates on incoming TCP packets. |
RES.TCP.SOURCEPORT | Qualifier. Designates the source port of the outgoing packet. |
RES.TCP.DESTPORT | Qualifier. Designates the destination port of the outgoing packet. |
RES.IP | Protocol. Operates on outgoing IP packets. |
RES.IP.SOURCEIP | Qualifier. Designates the source IP of the outgoing packet. This can be in IPv4 or IPv6 format. For example: add expr exp3 "sourceip == 10.102.32.123 -netmask 255.255.255.0 && destip == 2001::23/120". |
RES.IP.DESTIP | Qualifier. Designates the destination IP of the outgoing packet. |
Client security expressions
These expressions configure client settings on the Access Gateway with the following software:
- Antivirus
- Personal firewall
- Antispam
- Internet Security
For example usage, see http://support.citrix.com/article/CTX112599.
Actual Expression | Definition |
---|---|
CLIENT.APPLICATION.AV( | Checks whether the client is running the designated anti-virus program and version. |
CLIENT.APPLICATION.AV( | Checks whether the client is not running the designated anti-virus program and version. |
CLIENT.APPLICATION.PF( | Checks whether the client is running the designated personal firewall program and version. |
CLIENT.APPLICATION.PF( | Checks whether the client is not running the designated personal firewall program and version. |
CLIENT.APPLICATION.IS( | Checks whether the client is running the designated internet security program and version. |
CLIENT.APPLICATION.IS( | Checks whether the client is not running the designated internet security program and version. |
CLIENT.APPLICATION.AS( | Checks whether the client is running the designated anti-spam program and version. |
CLIENT.APPLICATION.AS( | Checks whether the client is not running the designated anti-spam program and version. |
Network-based expressions
Expression | Definition |
---|---|
REQ | Flow Type. Operates on incoming, or request, packets. |
REQ.VLANID | Qualifier. Operates on the virtual LAN (VLAN) ID. |
REQ.INTERFACE.ID | Qualifier. Operates on the ID of the designated Citrix ADC interface. |
REQ.INTERFACE.RXTHROUGHPUT | Qualifier. Operates on the raw received packet throughput of the designated Citrix ADC interface. |
REQ.INTERFACE.TXTHROUGHPUT | Qualifier. Operates on the raw transmitted packet throughput of the designated Citrix ADC interface. |
REQ.INTERFACE.RXTXTHROUGHPUT | Qualifier. Operates on the raw received and transmitted packet throughput of the designated Citrix ADC interface. |
REQ.ETHER.SOURCEMAC | Qualifier. Operates on the source MAC address. |
REQ.ETHER.DESTMAC | Qualifier. Operates on the destination MAC address. |
RES | Flow Type. Operates on outgoing (or response) packets. |
RES.VLANID | Qualifier. Operates on the virtual LAN (VLAN) ID. |
RES.INTERFACE.ID | Qualifier. Operates on the ID of the designated Citrix ADC interface. |
RES.INTERFACE.RXTHROUGHPUT | Qualifier. Operates on the raw received packet throughput of the designated Citrix ADC interface. |
RES.INTERFACE.TXTHROUGHPUT | Qualifier. Operates on the raw transmitted packet throughput of the designated Citrix ADC interface. |
RES.INTERFACE.RXTXTHROUGHPUT | Qualifier. Operates on the raw received and transmitted packet throughput of the designated Citrix ADC interface. |
RES.ETHER.SOURCEMAC | Qualifier. Operates on the source MAC address. |
RES.ETHER.DESTMAC | Qualifier. Operates on the destination MAC address. |
Date/time expressions
Expression | Definition |
---|---|
TIME | Qualifier. Operates on the date and time of day, GMT. |
DATE | Qualifier. Operates on the date, GMT. |
DAYOFWEEK | Operates on the specified day in the week, GMT. |
File system expressions
You can specify file system expressions in authorization policies for users and groups who access file sharing through the Citrix Gateway file transfer utility (the VPN portal). These expressions work with the Citrix Gateway file transfer authorization feature to control user access to file servers, folders, and files. For example, you can use these expressions in authorization policies to control access based on file type and size.
For more information, refer to the File Name Expression PDF.
Note: File system expressions do not support regular expressions.
Built-in named expressions (General)
Expression | Definition |
---|---|
ns_all_apps_ncomp | Tests for connections with destination ports between 0 and 65535. In other words, tests for all applications. |
ns_cachecontrol_nocache | Tests for connections with an HTTP Cache-Control header that contains the value “no-cache”. |
ns_cachecontrol_nostore | Tests for connections with an HTTP Cache-Control header that contains the value “no-store”. |
ns_cmpclient | Tests the client to determine if it accepts compressed content. |
ns_content_type | Tests for connections with an HTTP Content-Type header that contains “text”. |
ns_css | Tests for connections with an HTTP Content-Type header that contains “text/css”. |
ns_ext_asp | Tests for HTTP connections to any URL that contains the string .asp—in other words, any connection to an active server page (ASP). |
ns_ext_cfm | Tests for HTTP connections to any URL that contains the string .cfm |
ns_ext_cgi | Tests for HTTP connections to any URL that contains the string .cgi—in other words, any connection to a common gateway interface (CGI) script. |
ns_ext_ex | Tests for HTTP connections to any URL that contains the string .ex |
ns_ext_exe | Tests for HTTP connections to any URL that contains the string .exe—in other words, any connection to an executable file. |
ns_ext_htx | Tests for HTTP connections to any URL that contains the string .htx |
ns_ext_not_gif | Tests for HTTP connections to any URL that does not contain the string .gif—in other words, any connection to a URL that is not a GIF image. |
ns_ext_not_jpeg | Tests for HTTP connections to any URL that does not contain the string .jpeg—in other words, any connection to a URL that is not a JPEG image. |
ns_ext_shtml | Tests for HTTP connections to any URL that contains the string .shtml—in other words, any connection to a server-parsed HTML page. |
ns_false | Always returns a value of FALSE. |
ns_farclient | Client is in a different geographical region from the Citrix ADC, as determined by the geographical region in the client’s IP address. The following regions are predefined: 192.0.0.0 – 193.255.255.255: Multi-regional, 194.0.0.0 – 195.255.255.255: European Union, 196.0.0.0 – 197.255.255.255: Other1, 198.0.0.0 – 199.255.255.255: North America, 200.0.0.0 – 201.255.255.255: Central and South America, 202.0.0.0 – 203.255.255.255: Pacific Rim, 204.0.0.0 – 205.255.255.255: Other2, and 206.0.0.0 – 207.255.255.255: Other3. |
ns_header_cookie | Tests for HTTP connections that contain a Cookie header. |
ns_header_pragma | Tests for HTTP connections that contain a Pragma: no-cache header. |
ns_mozilla_47 | Tests for HTTP connections whose User-Agent header contains the string Mozilla/4.7—in other words, any connection from a client using the Mozilla 4.7 Web browser. |
ns_msexcel | Tests for HTTP connections whose Content-Type header contains the string application/vnd.msexcel—in other words, any connection transmitting a Microsoft Excel spreadsheet. |
ns_msie | Tests for HTTP connections whose User-Agent header contains the string MSIE—in other words, any connection from a client using any version of the Internet Explorer Web browser. |
ns_msppt | Tests for HTTP connections whose Content-Type header contains the string application/vnd.ms-powerpoint—in other words, any connection transmitting a Microsoft PowerPoint file. |
ns_msword | Tests for HTTP connections whose Content-Type header contains the string application/vnd.msword—in other words, any connection transmitting a Microsoft Word file. |
ns_non_get | Tests for HTTP connections that use any HTTP method except for GET. |
ns_slowclient | Returns TRUE if the average round trip time between the client and the Citrix ADC is more than 80 milliseconds. |
ns_true | Returns TRUE for all traffic. |
ns_url_path_bin | Tests the URL path to see if it points to the /bin/ directory. |
ns_url_path_cgibin | Tests the URL path to see if it points to the CGI-BIN directory. |
ns_url_path_exec | Tests the URL path to see if it points to the /exec/ directory. |
ns_url_tokens | Tests for the presence of URL tokens. |
ns_xmldata | Tests for the presence of XML data. |
Built-in named expressions (Anti-Virus)
Expression | Definition |
---|---|
McAfee Virus Scan 11 | Tests to determine whether the client is running the latest version of McAfee VirusScan. |
McAfee Antivirus | Tests to determine whether the client is running any version of McAfee Antivirus. |
Symantec AntiVirus 10 (with Updated Definition File) | Tests to determine whether the client is running the most current version of Symantec AntiVirus. |
Symantec AntiVirus 6.0 | Tests to determine whether the client is running Symantec AntiVirus 6.0. |
Symantec AntiVirus 7.5 | Tests to determine whether the client is running Symantec AntiVirus 7.5. |
TrendMicro OfficeScan 7.3 | Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3. |
TrendMicro AntiVirus 11.25 | Tests to determine whether the client is running Trend Microsystems’ AntiVirus, version 11.25. |
Sophos Antivirus 4 | Tests to determine whether the client is running Sophos Antivirus, version 4. |
Sophos Antivirus 5 | Tests to determine whether the client is running Sophos Antivirus, version 5. |
Sophos Antivirus 6 | Tests to determine whether the client is running Sophos Antivirus, version 6. |
Built-in named expressions (Personal Firewall)
Expression | Definition |
---|---|
TrendMicro OfficeScan 7.3 | Tests to determine whether the client is running Trend Microsystems’ OfficeScan, version 7.3. |
Sygate Personal Firewall 5.6 | Tests to determine whether the client is running the Sygate Personal Firewall, version 5.6. |
ZoneAlarm Personal Firewall 6.5 | Tests to determine whether the client is running the ZoneAlarm Personal Firewall, version 6.5. |
Built-in named expressions (Client Security)
Expression | Definition |
---|---|
Norton Internet Security | Tests to determine whether the client is running any version of Norton Internet Security. |