ADC

Content filtering

Warning:

Filter actions are deprecated from NetScaler 12.0 build 56.20 onwards and as an alternative, Citrix recommends you to use the Responder, Rewrite, or Content Switching features. However, Filter actions are removed and no longer available on the Citrix ADC appliance release 13.1 onwards. For more information, see Responder, Rewrite, or Content Switching topics.

Content filtering can do some of the same tasks as the Citrix Web App Firewall, and is a less CPU-intensive tool. It is limited, however, to examining the header portion of the HTTP request or response and to performing a few simple actions on connections that match. If you have a complex website that makes extensive use of scripts and accesses back-end databases, the Application Firewall might be the better tool for protecting that website. For more information about the Citrix Web App Firewall, see Application Firewall.

Content filtering is based on regular expressions that you can apply to either HTTP requests or HTTP responses. To block requests from a particular site, for example, you can use an expression that compares each request’s URL to the URL specified in the expression. The expression is part of a policy, which also specifies an action to be performed on requests or responses that match the expression. For example, an action might drop a request or reset the connection.

Following are some examples of things you can do with content filtering policies:

  • Prevent users from accessing certain parts of your websites unless they are connecting from authorized locations.
  • Prevent inappropriate HTTP headers from being sent to your Web server, possibly breaching security.
  • Redirect specified requests to a different server or service.

To configure content filtering, once you have made sure that the feature is enabled, you configure filtering actions for your servers to perform on selected connections (unless the predefined actions are adequate for your purposes). Then you can configure policies to apply the actions to selected connections. Your policies can use predefined expressions, or you can create your own. To activate the policies you configured, you bind them either globally or to specific virtual servers.

Content filtering