-
Getting Started with Citrix ADC
-
Deploy a Citrix ADC VPX instance
-
Optimize Citrix ADC VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply Citrix ADC VPX configurations at the first boot of the Citrix ADC appliance in cloud
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Configure a Citrix ADC VPX instance to use SR-IOV network interface
-
Configure a Citrix ADC VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure a Citrix ADC VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the Citrix high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
Upgrade and downgrade a Citrix ADC appliance
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
On-premises Citrix Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the Citrix ADC appliance
-
-
-
-
-
Authentication and authorization for System Users
-
-
HTTP/3 Policy Configuration
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Policy configuration for HTTP/3 traffic
HTTP/3 uses QUIC transport which is based on UDP. If you had policy expression defined for the HTTP or SSL virtual server that includes TCP policy expressions, it can no longer be used with a HTTP_QUIC virtual server. All other policies that do not have TCP or classic expressions can be bound with a HTTP_QUIC virtual server. For the policies to take effect, you must ensure that the feature policies are bound to the newly added global bind points as per the following.
- HTTPQUIC_REQ_DEFAULT
- HTTPQUIC_REQ_OVERRIDE
- HTTPQUIC_RES_DEFAULT
- HTTPQUIC_RES_OVERRIDE
Or, the policies can be bound to specific virtual server bind points:
- REQUEST
- RESPONSE
For more information, see Bind policy using advanced policy infrastructure topic.
Following are the policies supported for HTTP over QUIC configuration:
- Responder
- Rewrite
- HTTP Compression
- Integrated Caching
- Web Application Firewall
- URL transformation
- SSL
- Front end optimization (FEO)
- AppQoE
Responder policy configuration for HTTP/3 traffic
HTTP over QUIC type virtual servers have responder policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included.
New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 QUIC virtual servers or HTTP over QUIC global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add responder action for redirecting URLs
To add a responder action, at the command prompt, type:
add responder action <name> <type> (<target> | <htmlpage>) [-comment <string>] [-responseStatusCode <positive_integer>] [-reasonPhrase <expression>] [-headers <name(value)> ...]
<!--NeedCopy-->
Example:
add responder action redirectURL redirect "\"https://www.citrix.com/\""
Add responder policy
To add a responder policy, at the command prompt, type:
add responder policy <name> <rule> <action> [<undefAction>] [-comment <string>] [-logAction <string>] [-appflowAction <string>]
<!--NeedCopy-->
Example:
add responder policy res-pol "CLIENT.IP.SRC.IN_SUBNET(10.10.10.10/32)" redirectURL
Add responder policy based UDP expression
To add a responder policy based UDP expression, at the command prompt, type:
add responder policy <name> <rule> <action> [<undefAction>] [-comment <string>] [-logAction <string>] [-appflowAction <string>]
<!--NeedCopy-->
Example:
add responder policy redirectCitrixUdp "CLIENT.UDP.DSTPORT.EQ(443)" redirectURL
Bind responder policy based UDP expression with HTTP/3 QUIC based load balancing virtual server
To bind a responder policy based UDP expression to a load balancing virtual server, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName redirectCitrixUdp -priority 9 -gotoPriorityExpression END -type REQUEST
Bind responder policy with HTTP/3 QUIC based load balancing virtual server
To bind a responder policy to a load balancing virtual server, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName redirectCitrixUdp -priority 10 -gotoPriorityExpression END -type REQUEST
Bind responder policy to HTTP/3 global bind point
To bind a responder policy with the HTTP/3 global bind point, at the command prompt, type:
bind responder global <policyName> <priority> [<gotoPriorityExpression>] [-type <type>] [-invoke (<labelType> <labelName>) ] bind responder global redirectCitrixUdp 3 -type HTTPQUIC_REQ_DEFAULT
<!--NeedCopy-->
Example:
bind responder global redirectCitrixUdp 3 -type HTTPQUIC_REQ_DEFAULT
Note:
For more information, see Responder policy documentation.
Rewrite policy configuration for HTTP/3 traffic
HTTP over QUIC type virtual servers have rewrite policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included.
New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Following are the configuration steps to configure the rewrite policy for HTTP3 over QUIC.
Add rewrite action for HTTP over QUIC
To add rewrite action, at the command prompt, type:
add rewrite action <name> <type> <target> [<stringBuilderExpr>] [-pattern <expression> | -search <expression>] [-refineSearch <expression>] [-comment <string>]
<!--NeedCopy-->
Example:
add rewrite action http3-altsvc-action insert_http_header Alt-Svc q/"h3-29=\":443\"; ma=3600; persist=1"/
Add rewrite policy for HTTP over QUIC
To add a write action, at the command prompt, type:
add rewrite policy <name> <rule> <action> [<undefAction>] [-comment <string>] [-logAction <string>]
<!--NeedCopy-->
Example:
add rewrite policy http3-altsvc-policy true http3-altsvc-action
Bind rewrite policy to load balancing virtual server of type HTTP/3_QUIC
To bind rewrite policy to the load balancing virtual server, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName http3-altsvc-policy -priority 10 -type RESPONSE
Bind rewrite policy to HTTP/3 global bind point
To bind a responder policy with HTTP/3 global bind point, at the command prompt, type:
bind rewrite global <policyName> <priority> [<gotoPriorityExpression>] [-type <type>] [-invoke (<labelType> <labelName>)]
<!--NeedCopy-->
Example:
bind rewrite global http3-altsvc-policy 3 -type HTTPQUIC_RES_DEFAULT
Note:
For more information, see Rewrite policy documentation.
Compression policy configuration for HTTP/3 traffic
When the Citrix ADC receives an HTTP response from a server, it evaluates the built-in compression policies and any custom compression policies to determine whether to compress the response and, if so, the type of compression to apply. Priorities assigned to the policies determine the order in which the policies are matched against the requests. HTTP over QUIC type virtual servers have compression policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included. New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add compression policy
To add compression policy, at the command prompt, type:
add cmp policy <name> -rule <expression> -resAction <string>
<!--NeedCopy-->
Example:
add cmp policy udp_port_cmp_policy -rule "CLIENT.UDP.DSTPORT.EQ(443)" -resAction COMPRESS
Bind compression policy with load balancing virtual server of type HTTP/3_QUIC
To bind URL transformation policy with load balancing virtual server of type HTTP/3_QUIC, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type ( REQUEST | RESPONSE )] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName udp_port_cmp_policy -priority 10 -type RESPONSE
Bind compression global to HTTP/3 global bind point
To bind a compression policy with the HTTP/3 global bind point, at the command prompt, type:
bind compression global <policyName> <priority> [<gotoPriorityExpression>] [-type <type>] [-invoke (<labelType> <labelName>) ] bind responder global redirectCitrixUdp 3 -type HTTPQUIC_REQ_DEFAULT
<!--NeedCopy-->
Example:
bind cmp global udp_port_cmp_policy -priority 100 -type HTTPQUIC_RES_DEFAULT
Global built-in compression policies
After you upgrade your appliance to Citrix ADC release 13.0 build 82.x, the following compression policies will be automatically bound to the HTTP/3 default bind point.
> sho cmp global -type HTTPQUIC_RES_DEFAULT
Policy Name: ns_adv_nocmp_xml_ie
Priority: 8700
GotoPriorityExpression: END
Type: HTTPQUIC_RES_DEFAULT
Policy Name: ns_adv_nocmp_mozilla_47
Priority: 8800
GotoPriorityExpression: END
Type: HTTPQUIC_RES_DEFAULT
Policy Name: ns_adv_cmp_mscss
Priority: 8900
GotoPriorityExpression: END
Type: HTTPQUIC_RES_DEFAULT
Policy Name: ns_adv_cmp_msapp
Priority: 9000
GotoPriorityExpression: END
Type: HTTPQUIC_RES_DEFAULT
Policy Name: ns_adv_cmp_content_type
Priority: 10000
GotoPriorityExpression: END
Type: HTTPQUIC_RES_DEFAULT
<!--NeedCopy-->
If not bound, the following commands can be configured through the command prompt and you can configuration on your appliance.
bind cmp global ns_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
bind cmp global ns_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type HTTPQUIC_RES_DEFAULT
For more information, see Compression policy configuration.
Caching policy configuration for HTTP/3 traffic
The integrated cache provides in-memory storage on the Citrix ADC appliance and serves Web content to users without requiring a round trip to an origin server. For static content, the integrated cache requires little initial setup. After you enable the integrated cache feature and perform basic setup (for example, determining the amount of Citrix ADC appliance memory the cache is permitted to use), the integrated cache uses built-in policies to store and serve specific types of static content, including simple webpages and image files. You can also configure the integrated cache to store and serve dynamic content that is marked as non-cacheable by Web and application servers (for example, database records and stock quotes). HTTP over QUIC type virtual servers have cache policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included.
New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add cache content group
To add the cache content group, at the command prompt, type:
add cache contentGroup <name> [-weakPosRelExpiry <secs> | -relExpiry <secs> | -relExpiryMilliSec <msecs> | -absExpiry <HH:MM> ... | -absExpiryGMT <HH:MM> ...] [-heurExpiryParam <positive_integer>] [-weakNegRelExpiry <secs>] [-maxResSize <KBytes>] [-memLimit <MBytes>]…
<!--NeedCopy-->
Example::
add cache contentGroup DEFAULT -maxResSize 500
Add cache policy
To add cache policy, at the command prompt, type:
add cache policy <policyName> -rule <expression> -action <action> [-storeInGroup <string>] [-invalGroups <string> ...] [-invalObjects <string> ...] [-undefAction ( NOCACHE | RESET )] add cache policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]
<!--NeedCopy-->
Example:
add cache policy ctx_doc_pdf -rule "HTTP.REQ.URL.ENDSWITH(\".pdf\")" -action CACHE -storeInGroup DEFAULT
Bind cache policy with load balancing virtual server of type HTTP/3_QUIC
To bind cache policy with load balancing virtual server of type HTTP/3_QUIC, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type ( REQUEST | RESPONSE )] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName ctx_doc_pdf -priority 100 -type REQUEST
Bind cache policy global to HTTP/3 global bind point
To bind a cache policy HTTP/3 global bind point:
bind cache global <policy> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
<!--NeedCopy-->
Example:
bind cache global ctx_doc_pdf -priority 3 -type HTTPQUIC_REQ_DEFAULT
For more information, see Integrated cache policy configuration.
Global built-in cache policies
After you upgrade your appliance to Citrix ADC release 13.0 build 82.x, the following cache policies will be automatically bound to the HTTP/3 default bind point.
On upgrade to the 13.0 82.x release, the following cache policies are automatically bound to the HTTP/3 default bind point.
> sho cache global -type HTTPQUIC_REQ_DEFAULT
1) Policy Name: NOPOLICY
Priority: 185883
GotoPriorityExpression: USE_INVOCATION_RESULT
Invoke type: policylabel Invoke name: _httpquicReqBuiltinDefaults
Global bindpoint: HTTPQUIC_REQ_DEFAULT
Done
> sho cache global -type HTTPQUIC_RES_DEFAULT
1) Policy Name: NOPOLICY
Priority: 185883
GotoPriorityExpression: USE_INVOCATION_RESULT
Invoke type: policylabel Invoke name: _httpquicResBuiltinDefaults
Global bindpoint: HTTPQUIC_RES_DEFAULT
<!--NeedCopy-->
After an upgrade, if the policies are not bound, you can use the following commands to manually bind and save the configuration.
add cache policylabel _httpquicReqBuiltinDefaults -evaluates HTTPQUIC_REQ
add cache policylabel _httpquicResBuiltinDefaults -evaluates HTTPQUIC_RES
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _nonGetReq -priority 100
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _advancedConditionalReq -priority 200
bind cache policylabel _httpquicReqBuiltinDefaults -policyName _personalizedReq -priority 300
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableStatusRes -priority 100
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableVaryRes -priority 200
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheableCacheControlRes -priority 300
bind cache policylabel _httpquicResBuiltinDefaults -policyName _cacheableCacheControlRes -priority 400
bind cache policylabel _httpquicResBuiltinDefaults -policyName _uncacheablePragmaRes -priority 500
bind cache policylabel _httpquicResBuiltinDefaults -policyName _cacheableExpiryRes -priority 600
bind cache policylabel _httpquicResBuiltinDefaults -policyName _imageRes -priority 700
bind cache policylabel _httpquicResBuiltinDefaults -policyName _personalizedRes -priority 800
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type HTTPQUIC_REQ_DEFAULT -invoke policylabel _httpquicReqBuiltinDefaults
bind cache global NOPOLICY -priority 185883 -gotoPriorityExpression USE_INVOCATION_RESULT -type HTTPQUIC_RES_DEFAULT -invoke policylabel _httpquicResBuiltinDefaults
<!--NeedCopy-->
Note:
The first two commands in the list of commands, and the last two commands in the same list, are included for the sake of completeness. You might encounter an error when running the four commands, since the commands are already run at the time of appliance restart. But you can ignore these errors.
URL Transformation policy configuration for HTTP/3 traffic
The URL transformation modifies all URLs in designated requests from an external version seen by outside users to an internal URL seen only by your Web servers and administrators. You can redirect user requests seamlessly, without exposing your network structure to users. You can also modify complex internal URLs that users might find difficult to remember into simpler, more easily remembered external URLs. HTTP over QUIC type virtual servers have cache policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included. New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add URL Transform profile
To add a URL transformation profile, at the command prompt, type:
add transform profile <name> [-type URL]
<!--NeedCopy-->
Example:
add transform profile msapps
Add URL Transform action
To add URL transformation action, at the command prompt, type:
add transform action <name> <profileName> <priority> [-state ( ENABLED | DISABLED )]
<!--NeedCopy-->
Example:
add transform action docx2doc msapps 2
Add URL Transform action
To add URL transform action to replace URL, at the command prompt, type:
add transform action <name> <profileName> <priority> [-state ( ENABLED | DISABLED )]
<!--NeedCopy-->
Example:
add transform action docx2doc msapps 1
Add URL Transform policy
To add a URL transformation policy, at the command prompt, type:
add transform policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]
<!--NeedCopy-->
Example:
add transform policy urltrans_udp "CLIENT.UDP.DSTPORT.EQ(443)" msapps
Bind URL Transform policy with load balancing virtual server of type HTTP/3_QUIC
To bind URL transformation policy with load balancing virtual server of type HTTP/3_QUIC, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type ( REQUEST | RESPONSE )] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vs lb-http3 -policyName urltrans_udp -type REQUEST -priority 8
Bind URL transform policy global with HTTP/3 QUIC based load balancing virtual server
To bind a URL transform policy HTTP/3 global bind point, at the command prompt, type:
bind transform global <policyName> <priority> [<gotoPriorityExpression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
<!--NeedCopy-->
Example:
bind transform global urltrans_udp 100 -type HTTPQUIC_REQ_DEFAULT
For more information, see URL transformation policy configuration.
Front end optimization (FEO) policy configuration for HTTP/3 traffic
The HTTP protocols that underlie web applications were originally developed to support the transmission and rendering of simple webpages. New technologies such as JavaScript and cascading style sheets (CSS), and new media types such as Flash videos and graphics-rich images, place heavy demands on front-end performance, that is, on performance at the browser level. The Citrix ADC front end optimization (FEO) feature addresses such issues and reduces the load time and render time of webpages.
Note:
HTTP_QUIC _Override/Default_Request
Type is not supported for FEO policy global binding.
Add Front end optimization (FEO) action
To add a FEO action, at the command prompt, type:
add feo action <name> [-pageExtendCache] [<cacheMaxage>][-imgShrinkToAttrib] [-imgGifToPng] [-imgToWebp] [-imgToJpegXR] [-imgInline] [-cssImgInline] [-jpgOptimize] [-imgLazyLoad] [-cssMinify] [-cssInline] [-cssCombine] [-convertImportToLink] [-jsMinify] [-jsInline] [-htmlMinify] [-cssMoveToHead] [-jsMoveToEND][-domainSharding <string> <dnsShards> ...] [-clientSideMeasurements]
<!--NeedCopy-->
Example:
add feo action feoact -imgGifToPng -pageExtendCache
Add Front end optimization (FEO) policy
To add a FEO policy, at the command prompt, type:
add feo policy <name> <rule> <action>
Example:
add feo policy udp_feo_img "CLIENT.UDP.DSTPORT.EQ(443)" IMG_OPTIMIZE
Bind FEO policy with load balancing virtual server of type HTTP/3_QUIC
To bind FEO policy with load balancing virtual server of type HTTP/3_QUIC, at the command prompt, type:
bind lb vserver <name>@ ((<serviceName>@ [-weight <positive_integer>] ) | <serviceGroupName>@ | (-policyName <string>@ [-priority <positive_integer>] [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ] ) | -analyticsProfile <string>@)
<!--NeedCopy-->
Example:
bind lb vserver lb-http3 -policyName udp_feo_img -priority 4 -gotoPriorityExpression END -type REQUEST
Bind FEO policy to HTTP/3 global bind point
To bind a cache policy to the HTTP/3 global bind point, at the command prompt, type:
bind cache global <policy> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
<!--NeedCopy-->
Example:
bind cache global ctx_doc_pdf -priority 3 -type HTTPQUIC_REQ_DEFAULT
For more information, see Front end optimization policy configuration.
SSL Policy configuration for HTTP/3 traffic
HTTP over QUIC type virtual servers have SSL policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included. New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points. SSL policies with actions that are supported for TLSv1.3 are only applicable for HTTP/3 bind points or virtual servers.
Add SSL Policy
To add a FEO policy, at the command prompt, type:
add ssl policy <name> -rule <expression> [-action <string>] [-undefAction <string>] [-comment <string>]
<!--NeedCopy-->
Example:
add ssl policy ssl-pol -rule CLIENT.SSL.IS_SSL -action NOOP
Bind SSL Policy to HTTP/3 virtual server
To bind an SSL policy to the HTTP/3 virtual server, at the command prompt:
bind ssl policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
bind ssl vserver lb-http3 -policyName ssl-pol -priority 4 -type REQUEST
Add SSL policy with UDP expression for SSL Policy
To add an SSL policy with UDP expression, at the command prompt:
add ssl policy <name> -rule <expression> [-action <string>] [-undefAction <string>] [-comment <string>]
<!--NeedCopy-->
Example:
add ssl policy ssl_udp_clnt -rule "CLIENT.UDP.DSTPORT.EQ(443)" -action NOOP
Bind SSL Policy with UDP expression to HTTP/3 virtual server
To bind an SSL policy with UDP expression to the HTTP/3 virtual server, at the command prompt, type
bind ssl policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
bind ssl vs lb-http3 -policyName ssl_udp_clnt -priority 8 -type REQUEST
Add SSL policy for CLIENTHELLO bind point for HTTP/3 traffic
To bind SSL policy for CLIENTHELLO bind point for HTTP/3 traffic, at the command prompt, type:
bind ssl policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
add ssl policy ssl-pol-ch -rule "CLIENT.SSL.CLIENT_HELLO.CIPHERS.HAS_HEXCODE(0x1301)" -action RESET
Bind SSL policy to CLIENTHELLO bind point
To bind an SSL policy to the CLIENTHELLO bind point, at the command prompt, type:
bind ssl policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
bind ssl vs lb-http3 -policyName ssl-pol-ch -type CLIENTHELLO_REQ -priority 100
Bind SSL policy to HTTP/3 global bind point
To bind an SSL policy to the HTTP/3 global bind point, at the command prompt, type:
bind cache global <policy> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
Example:
Following is an example of a DATA policy being bound to a HTTP/3 global bind point:
Bind ssl global -policyName ssl-pol-ch -priority 7 -type HTTPQUIC_DATA_DEFAULT
Note:
Forward action that can be set for CLIENTHELLO bind point for SSL virtual servers is currently not supported for HTTP_QUIC type virtual servers.
Application Firewall Policy configuration for HTTP/3 traffic
HTTP over QUIC type virtual servers have web application firewall policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included. New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add Web Application Firewall policy with UDP expression
To add Web Application Firewall policy with UDP expression, at the command prompt:
add appfw policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]
<!--NeedCopy-->
Example:
add appfw policy appfw_udp "CLIENT.UDP.DSTPORT.EQ(443)" APPFW_BYPASS
Bind log expressions with UDP based expression for Web Application Firewall profile
To bind log expressions with UDP for Web Application Firewall profile, at the command prompt:
Example:
bind appfw profile APPFW_BLOCK -logExpression logexp-1 "CLIENT.UDP.DSTPORT.EQ(443)"
Bind Application Firewall policy with HTTP/3 virtual server
To bind Web Application Firewall policy with HTTP/3 virtual server, at the command prompt:
bind appfw policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
bind lb vs lb-http3 -policyName appfw_udp -priority 3 -type REQUEST
Bind Web Application Firewall policy to HTTP/3 global bind point
To bind a Web Application Firewall policy to the HTTP/3 global bind point, at the command prompt, type:
bind appfw global <policy> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
<!--NeedCopy-->
Example:
bind appfw global appfw_udp 100 -type HTTPQUIC_REQ_DEFAULT
AppQoE Policy configuration for HTTP/3 traffic
HTTP over QUIC type virtual servers have AppQoE policy support. However, as QUIC uses UDP as its transport mechanism, TCP based expressions are excluded and UDP based expressions are included. New or existing policy configurations with TCP expressions cannot be bound to HTTP/3 virtual servers or to the newly added HTTP/3 global bind points. Instead of TCP expressions, UDP expressions can be included in the policy configurations that are bound to HTTP/3 QUIC virtual servers or HTTP over QUIC bind points.
Add AppQoE policy with UDP based expression
To add AppQoE policy with UDP expression, at the command prompt:
add AppQoE policy <name> <rule> <profileName> [-comment <string>] [-logAction <string>]
<!--NeedCopy-->
Example:
add appqoe policy appqoe-pol-udp -rule "CLIENT.UDP.DSTPORT.EQ(443)" -action
appqoe-act-basic-prhigh
Bind AppQoE policy with HTTP/3 virtual server
To bind the AppQoE policy with the HTTP/3 virtual server, at the command prompt, type:
bind appqoe policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>)
<!--NeedCopy-->
Example:
bind lb vs lb-http3 -policyName appqoe-pol-udp -type REQUEST -priority 3
Bind AppQoE policy to HTTP_QUIC virtual server
To bind AppQoE policy to HTTP_QUIC
virtual server, at the command prompt, type:
bind appqoe <policy> -priority <positive_integer> [-gotoPriorityExpression <expression>] [-type <type>] [-invoke (<labelType> <labelName>) ]
<!--NeedCopy-->
Example:
bind lb vs lb-http3 -policyName appqoe-pol-primd -priority 8 -type REQUEST
Share
Share
In this article
- Responder policy configuration for HTTP/3 traffic
- Add responder policy
- Rewrite policy configuration for HTTP/3 traffic
- Compression policy configuration for HTTP/3 traffic
- Add compression policy
- Caching policy configuration for HTTP/3 traffic
- Add cache content group
- URL Transformation policy configuration for HTTP/3 traffic
- Front end optimization (FEO) policy configuration for HTTP/3 traffic
- Bind FEO policy with load balancing virtual server of type HTTP/3_QUIC
- SSL Policy configuration for HTTP/3 traffic
- Bind SSL Policy to HTTP/3 virtual server
- Application Firewall Policy configuration for HTTP/3 traffic
- AppQoE Policy configuration for HTTP/3 traffic
- Bind AppQoE policy to HTTP_QUIC virtual server
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.