-
AppExpert Applications and Templates
-
Configure application authentication, authorization, and auditing
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
-
-
Configuring a Rewrite Policy
-
Rewrite Action and Policy Examples
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configuring a Rewrite Policy
After you create any needed rewrite action, you must create at least one rewrite policy to select the requests that you want the Citrix ADC appliance to rewrite.
A rewrite policy consists of a rule, which itself consists of one or more expressions. And an associated action that is done if a request or response matches the rule. Policy rules for evaluating HTTP requests and responses can be based on almost any part of a request or response.
You can’t use TCP rewrite actions to rewrite data other than the TCP payload. You can base the policy rules for TCP rewrite policies on the information in the transport layer. And the layers below the transport layer.
If a configured rule matches a request or response, the corresponding policy is triggered and the action associated is carried out.
Note: You can use either the command line interface or the configuration utility to create and configure rewrite policies. Users who are not thoroughly familiar with the command line interface and the Citrix ADC Policy expression language will usually find using the configuration utility much easier.
To add a new rewrite policy by using the command line interface
At the command prompt, type the following commands to add a new rewrite policy and verify the configuration:
- <add rewrite policy <name> <expression> <action> [<undefaction>]
- <show rewrite policy <name>
Example 1. Rewriting HTTP Content:
> add rewrite policy policyNew "HTTP.RES.IS_VALID" insertact NOREWRITE
Done
> show rewrite policy policyNew
Name: policyNew
Rule: HTTP.RES.IS_VALID
RewriteAction: insertact
UndefAction: NOREWRITE
Hits: 0
Undef Hits: 0
Done
<!--NeedCopy-->
Example 2. Rewriting a TCP Payload (TCP Rewrite):
> add rewrite policy client_tcp_payload_policy CLIENT.IP.SRC.EQ(172.168.12.232) client_tcp_payload_replace_all
Done
> show rewrite policy client_tcp_payload_policy
Name: client_tcp_payload_policy
Rule: CLIENT.IP.SRC.EQ(172.168.12.232)
RewriteAction: client_tcp_payload_replace_all
UndefAction: Use Global
LogAction: Use Global
Hits: 0
Undef Hits: 0
Done
>
<!--NeedCopy-->
To modify an existing rewrite policy by using the command line interface
At the command prompt, type the following commands to modify an existing rewrite policy and verify the configuration:
- <set rewrite policy <name>-rule <expression-action <action> [<undefaction>]
- <show rewrite policy <name>
Example:
> set rewrite policy policyNew -rule "HTTP.RES.IS_VALID" -action insertaction
Done
> show rewrite policy policyNew
Name: policyNew
Rule: HTTP.RES.IS_VALID
RewriteAction: insertaction
UndefAction: NOREWRITE
Hits: 0
Undef Hits: 0
Done
<!--NeedCopy-->
To remove a rewrite policy by using the command line interface
At the command prompt, type the following command to remove a rewrite policy:
rm rewrite policy <name>
Example:
> rm rewrite policy policyNew
Done
<!--NeedCopy-->
To configure a rewrite policy by using the configuration utility
- Navigate to AppExpert > Rewrite > Policies.
- In the details pane, do one of the following:
- To create a policy, click Add.
- To modify an existing policy, select the policy, and then click Open.
- Click Create or OK. A message appears in the status bar, stating that the Policy has been configured successfully.
- Repeat steps 2 through 4 to create or modify as many rewrite actions as you want.
- Click Close. To delete a rewrite policy, select the rewrite policy you want to delete, then click Remove and, when prompted, confirm your choice by clicking OK.
Create rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options, and Content-Security-Policy
At the command prompt, type the following rewrite action commands to add Security header to webpages served through NetScaler using rewrites.
add rewrite action insert_STS_header insert_http_header Strict-Transport-Security "\"max-age=157680000\""
add rewrite action rw_act_insert_XSS_header insert_http_header X-Xss-Protection "\"1; mode=block\""
add rewrite action rw_act_insert_Xcontent_header insert_http_header X-Content-Type-Options "\"nosniff\""
add rewrite action rw_act_insert_Content_security_policy insert_http_header Content-Security-Policy "\"default-src \'self\' ; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\' ; style-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; img-src \'self\' data:\""
<!--NeedCopy-->
At the command prompt, type the following rewrite policy commands to add Security header to webpages served through NetScaler using rewrites.
add rewrite policy enforce_STS true insert_STS_header
add rewrite policy rw_pol_insert_XSS_header "HTTP.RES.HEADER("X-Xss-Protection").EXISTS.NOT" rw_act_insert_XSS_header
add rewrite policy rw_pol_insert_XContent TRUE rw_act_insert_Xcontent_header
add rewrite policy rw_pol_insert_Content_security_policy TRUE rw_act_insert_Content_security_policy
<!--NeedCopy-->
At the command prompt, type the following commands to bind policies to virtual server on Response using Goto Expression NEXT.
bind vpn vserver access -policy enforce_STS -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver "VSERVERNAME" -policy rw_pol_insert_XSS_header -priority 110 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver access -policy rw_pol_insert_XContent -priority 120 -gotoPriorityExpression NEXT -type RESPONSE
bind vpn vserver access -policy rw_pol_insert_Content_security_policy -priority 130 -gotoPriorityExpression NEXT -type RESPONSE
<!--NeedCopy-->
Configure rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options, and Content-Security-Policy using configuration utility
- Navigate to AppExpert > Rewrite > Actions
- Click Add to create rewrite actions for each one of the headers.
- Navigate to AppExpert > Rewrite > Policies
- Click Add to create rewrite policies and link them to actions.
- Bind policies to virtual server on Response using the Goto Expression NEXT.
Note: In SSLVPN, we need to use the below Content-Security Action:
add rewrite action Rewrite_Insert_Content-Security-Policy insert_http_header Content-Security-Policy "\"default-src \'self\' ; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\' ; style-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; img-src \'self\' http://localhost:* data:;\"
<!--NeedCopy-->
The localhost exception is required because the browser passes the cookie/GW information to the plug-in using localhost HTTP call. Since the CSP had only “self”, only calls to the virtual server would be allowed.
Share
Share
In this article
- To add a new rewrite policy by using the command line interface
- To modify an existing rewrite policy by using the command line interface
- To remove a rewrite policy by using the command line interface
- To configure a rewrite policy by using the configuration utility
- Create rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options, and Content-Security-Policy
- Configure rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options, and Content-Security-Policy using configuration utility
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.