ADC

Responder action and policy examples

Responder actions and policies are powerful and complex, but you can get started with relatively simple applications.

Example: Blocking Access from Specified IPs

The following procedures block access to your protected Web site(s) by clients originating from the CIDR 222.222.0.0/16. The responder sends an error message stating that the client is not authorized to access the URL requested.

To block access by using the NetScaler command line:

At the command prompt, type the following commands to block access:

  • add responder action act_unauthorized respond with “HTTP/1.1 403 Forbidden\r\n\r\n” + “Client: “ + CLIENT.IP.SRC + “ is not authorized to access URL:” + “HTTP.REQ.URL.HTTP_URL_SAFE”’
  • add responder policy pol_un “CLIENT.IP.SRC.IN_SUBNET (222.222.0.0/16)” act_unauthorized
  • bind responder global pol_un 10

To block access by using the GUI:

  1. In the navigation pane, expand Responder, and then click Actions.
  2. In the details pane, click Add.
  3. In the Create Responder Action dialog box, do the following:
    1. In the Name text box, type act_unauthorized.
    2. Under Type, select Respond with.
    3. In the Target text area, type the following string: “HTTP/1.1 403 Forbidden\r\n\r\n” + “Client: “ + CLIENT.IP.SRC + “ is not authorized to access URL:” + HTTP.REQ.URL.HTTP_URL_SAFE
    4. Click Create, and then click Close. The responder action you configured, named act_unauthorized, now appears in the Responder Actions page.
  4. In the navigation pane, click Policies.
  5. In the details pane, click Add.
  6. In the Create Responder Policy dialog box, do the following:
    1. In the Name text box, type pol_unauthorized.
    2. Under Action, select act_unauthorized.
    3. In the Expression window, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
    4. Click Create, then click Close. The responder policy you configured, named pol_unauthorized, now appears in the Responder Policies page.
  7. Globally bind your new policy, pol_unauthorized, as described in Binding a Responder Policy.

Example: Redirecting a client to a new URL

The following procedures redirect clients who access your protected Web site(s) from within the CIDR 222.222.0.0/16 to a specified URL.

To redirect clients by using the NetScaler command line:

At the command prompt, type the following commands to redirect clients and verify the configuration:

  • add responder action act_redirect redirect "<http://www.example.com/404.html>"
  • show responder action act_redirect
  • add responder policy pol_redirect “CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)” act_redirect
  • show responder policy pol_redirect
  • bind responder global pol_redirect 10

Example:

> add responder action act_redirect redirect `" http ://www.example.com/404.html "`
Done

> add responder policy pol_redirect "CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)" act_redirect
Done
<!--NeedCopy-->

To redirect clients by using the GUI:

  1. Navigate to AppExpert > Responder > Actions.
  2. In the details pane, click Add.
  3. In the Create Responder Action dialog box, do the following:
    1. In the Name text box, type act_redirect.
    2. Under Type, select Redirect.
    3. In the Target text area, type the following string: "<http://www.example.com/404.html>"
    4. Click Create, then click Close. The responder action you configured, named act_redirect, now appears in the Responder Actions page.
  4. In the navigation pane, click Policies.
  5. In the details pane, click Add.
  6. In the Create Responder Policy dialog box, do the following:
    1. In the Name text box, type pol_redirect.
    2. Under Action, select act_redirect.
    3. In the Expression window, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
    4. Click Create, then click Close. The responder policy you configured, named pol_redirect, now appears in the Responder Policies page.
  7. Globally bind your new policy, pol_redirect, as described in Binding a Responder Policy.
Responder action and policy examples