
Configure a pattern set

To configure a pattern set, you must specify the strings that are to serve as patterns. You can manually assign a unique index value to each of these patterns, or you can allow the index values to be assigned automatically.

Note:

Pattern sets are case sensitive (unless you specify the expression to ignore case). Therefore, the string pattern “product1,” for example, is not the same as the string pattern “Product1.”

Points to remember about index values:

  • You cannot bind the same index value to more than one pattern.
  • An automatically assigned index value is one number larger than the highest index value of the existing patterns within the pattern set. For example, if the highest index value of existing patterns in a pattern set is 104, the next automatically assigned index value is 105.
  • If you do not specify an index for the first pattern, index value 1 is automatically assigned to that pattern.
  • Index values are not regenerated automatically if one or more patterns are deleted or modified. For example, if the set contains five patterns, with indexes from 1 through 5, and if the pattern with an index of 3 is deleted, the other index values in the pattern set are not automatically regenerated to produce values from 1 through 4.
  • The maximum index value that can be assigned to a pattern is 4294967290. If that value is already assigned to a pattern in the set, you must manually assign index values to any newly added patterns. An unused index value that is lower than a currently used value cannot be assigned automatically.
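The index rules above, modeled as an added Python example (not NetScaler code and not part of the original page). The class and method names are hypothetical, and the sample patterns are constructed.

```python
MAX_INDEX = 4294967290  # maximum index value stated on this page


class PatternSet:
    """Illustrative model of the index rules above; not NetScaler code."""

    def __init__(self, name):
        self.name = name
        self.by_index = {}  # index -> pattern string

    def bind(self, pattern, index=None):
        if index is None:
            # Automatic assignment: 1 for the first pattern, otherwise one
            # larger than the highest index in use. Lower unused values
            # (gaps left by deletions) are never picked automatically.
            index = max(self.by_index, default=0) + 1
            if index > MAX_INDEX:
                raise ValueError("maximum index in use; assign an index manually")
        elif not 1 <= index <= MAX_INDEX:
            raise ValueError(f"index must be from 1 through {MAX_INDEX}")
        if index in self.by_index:
            raise ValueError(f"index {index} is already bound to a pattern")
        self.by_index[index] = pattern
        return index

    def unbind(self, index):
        # Deleting a pattern leaves every other index value unchanged.
        del self.by_index[index]

    def bind_commands(self):
        # Bind commands in index order, in the CLI syntax shown on this page.
        # Assumes patterns contain no spaces or quote characters.
        return [f"bind policy patset {self.name} {pattern} -index {index}"
                for index, pattern in sorted(self.by_index.items())]


if __name__ == "__main__":
    ps = PatternSet("samplepatset")       # constructed sample data
    for pattern in ("product1", "product2", "product3", "product4", "product5"):
        ps.bind(pattern)
    ps.unbind(3)                          # indexes stay 1, 2, 4, 5
    ps.bind("product6")                   # gets 6, not the free value 3
    print("\n".join(ps.bind_commands()))
```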

Starting with NetScaler release 14.1-12.x, in addition to using a static string, you can use an expression to derive the pattern set name and associate the pattern set in policy expression methods such as CONTAINS_ANY, EQUALS_ANY, and STARTSWITH_ANY. Because the pattern set name is derived dynamically from the expression, fewer policies must be created for multiple pattern sets, and you avoid repetitive configuration.

For example, in releases prior to NetScaler 14.1-12.x, if there are four pattern sets, you have to create four policies to associate the four pattern sets. From release 14.1-12.x onwards, an expression that derives the pattern set name reduces that configuration.

For the expression to identify the pattern set as part of its evaluation, you must configure the pattern set as dynamic by using the dynamic keyword. The expression considers only those pattern sets that are configured as dynamic. If you did not configure the pattern set as dynamic when you created it, you can set it later. You can set the dynamic keyword only for non-default pattern sets.

As part of the expression evaluation, the following checks are performed:

  • If there are no pattern sets that match the expression, then it is considered as an error and the error counter is incremented.
  • If there is a pattern set name that matches the expression but it is not marked as dynamic, then it is considered as an error and the error counter is incremented.

Configure a pattern set by using the command line interface

At the command prompt, do the following:

  1. Create a pattern set.

    add policy patset <name>

Example:

add policy patset samplepatset

  2. Bind patterns to the pattern set.

    bind policy patset <name> <string> [-index <positive_integer>][-charset ( ASCII | UTF_8 )] [-comment <string>]

Example:

bind policy patset samplepatset product1 -index 1 -comment "short description about the pattern bound to the pattern set"

Note: Repeat this step for all the patterns you want to bind to the pattern set.

  3. Verify the configuration.

    show policy patset <name>

Configure a pattern set by using the configuration utility

  1. Navigate to AppExpert > Pattern Sets.
  2. In the details pane, click Add to open the Create Pattern Set dialog box.
  3. Specify a name for the pattern set in the Name text box.
  4. Under Specify Pattern, type the first pattern and, optionally, specify values for the following parameters:
    • Treat back slash as escape character—Select this check box to specify that any backslash characters that you might include in the pattern are to be treated as escape characters.
    • Index—A user assigned index value, from 1 through 4294967290.
  5. Verify that you have entered the correct characters, and then click Add.
  6. Repeat steps 4 and 5 to add more patterns, and then click Create.

Configure a dynamic pattern set

Configure a dynamic pattern set using the CLI

At the command prompt, type the following commands:

  1. Create pattern sets.

    add policy patset <name> -dynamic yes

  2. Bind patterns to the pattern set.

    bind patset <name> <string>

  3. Add a policy and use an expression instead of pattern set name.

    add responder policy <name> <rule> <action>

  4. Verify the configuration.

    show patset -dynamicOnly

Example for configuring dynamic pattern set using the CLI

Create CompA_pat and CompB_pat as the two dynamic pattern sets.

add policy patset CompA_pat -dynamic yes
bind policy patset CompA_pat stringA
add policy patset CompB_pat -dynamic yes
bind policy patset CompB_pat stringB

Add a policy with an expression that derives the pattern set name dynamically:

add responder policy samplepolicy1 http.req.hostname.contains_any("Comp" + http.req.url.path.get(1) + "_pat") reset

Suppose the incoming URLs are http://www.citrix.com/A/home.html and http://www.google.com/B/test.html. Based on the incoming URL, the expression "Comp" + http.req.url.path.get(1) + "_pat" determines the pattern set, CompA_pat or CompB_pat, dynamically at run time. You need not create two separate policies for CompA_pat and CompB_pat.
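The name derivation and the two evaluation checks, modeled as an added Python example (not NetScaler code and not part of the original page). The function names, the CompC_pat entry and the sample subjects are constructed for illustration. Because the path segment comes from the client, requests that name a missing or non-dynamic set land in the error cases.

```python
from urllib.parse import urlsplit

# Constructed configuration mirroring the CLI example on this page.
# name -> (dynamic flag, bound patterns)
PATSETS = {
    "CompA_pat": (True, ["stringA"]),
    "CompB_pat": (True, ["stringB"]),
    "CompC_pat": (False, ["stringC"]),  # hypothetical set, not marked dynamic
}
counters = {"errors": 0}


def path_get(url, i):
    # Stand-in for http.req.url.path.get(i): the i-th path segment, 1-based.
    segments = [s for s in urlsplit(url).path.split("/") if s]
    return segments[i - 1] if 0 < i <= len(segments) else ""


def evaluate(url, subject):
    """Model of subject.contains_any("Comp" + path.get(1) + "_pat").

    Returns True or False for a normal evaluation, and None for the two
    error cases the page lists: no pattern set with the derived name, or
    a pattern set that exists but is not marked dynamic.
    """
    name = "Comp" + path_get(url, 1) + "_pat"
    entry = PATSETS.get(name)
    if entry is None or not entry[0]:
        counters["errors"] += 1
        return None
    # Pattern matching is case sensitive unless the expression ignores case.
    return any(pattern in subject for pattern in entry[1])


if __name__ == "__main__":
    # Constructed requests: (URL, string the expression is evaluated against)
    for url, subject in [
        ("http://www.citrix.com/A/home.html", "stringA.example"),
        ("http://www.google.com/B/test.html", "stringA.example"),
        ("http://www.example.com/C/x", "stringC.example"),
        ("http://www.example.com/Z/x", "stringA.example"),
    ]:
        print(url, "->", evaluate(url, subject))
    print("error counter:", counters["errors"])
```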

Verify the configuration using the show command:

> show patset -dynamicOnly
1) Patset: CompA_pat
2) Patset: CompB_pat
 Done

Configure a dynamic pattern set using the GUI

  1. Navigate to AppExpert > Pattern Sets.
  2. Click Add to open the Create Pattern Set dialog box.
  3. Specify a name for the pattern set in the Name text box.
  4. Click Insert and specify the pattern in the Pattern field. Optionally, specify a value for the Index. Index is a user assigned value, from 1 through 4294967290.
  5. Verify that you have entered the correct characters, and then click Insert.
  6. Repeat steps 4 and 5 to add more patterns.
  7. Select the Dynamic check box and then click Create.
  8. Navigate to AppExpert > Responder > Policies > Add.
  9. Create an expression that can derive the pattern set.
  10. Fill in the other mandatory fields and click Create.

Set, unset, or remove a dynamic pattern set

To set a non-default pattern set as dynamic:

> set patset <name> -dynamic yes

Example:

> set patset CompA_pat -dynamic yes
 Done

To unset a non-default pattern set as dynamic:

> unset patset <name> -dynamic

Example:

> unset patset CompA_pat -dynamic
Warning: [Dynamic attribute turned off. Expressions using this patset or dataset dynamically will not work.]
 Done

To remove a dynamic pattern set:

> rm patset <name>

Example:

> rm patset CompA_pat
Warning: [Dynamic patset or dataset removed. Expressions using this patset or dataset dynamically will not work.]
 Done

Note:

When you unset or remove a dynamic patset, the expression that is using this pattern set does not work.

Configure file-based pattern sets

The NetScaler appliance supports file-based pattern sets.

Configure file-based pattern sets by using the CLI

At the command prompt, type the following commands:

  • Import a new pattern set file into the NetScaler appliance.

     import policy patsetfile <src> <name> -delimiter <char> -charset <ASCII | UTF_8>
    

    Example:

     import policy patsetfile local:test.csv clientids_list -delimiter ,
    

    You can import a file from a local device, HTTP server, or FTP server. To add the file from your local device, the file must be available in the /var/tmp location.

  • Add a pattern set file to the packet engine.

     add policy patsetfile <patset filename>
    

    Example:

     add policy patsetfile clientids_list
    
  • Update an existing pattern set file on the NetScaler appliance.

     update policy patsetfile <patset filename>
    

    Example:

     update policy patsetfile clientids_list
    
  • Bind patterns to the pattern set.

     add policy patset <patset name> -patsetfile <patset filename>
    

    Example:

     add policy patset clientid_patset -patsetfile clientids_list
    
  • Verify the configuration.

     show policy patsetfile clientids_list
    
     Name: clientids_list
     Patset Name: clientid_patset
     Number of Imported Patterns: 8
     Number of Bound Patterns: 8
     (All the patterns bound successfully)
    
     Done
    

Configure file-based pattern sets by using the GUI

  1. Navigate to AppExpert > Pattern Set Files.

  2. In the Imported pane, click Import.

  3. In the Configure Policy Patset File page, select the file you want to import, and click OK.

  4. Select the imported file, and click Add.

  5. In the Create Policy Patset File page, enter the details, and click Create to add a policy pattern set.
