Creating a PI Policy using the CLI
This article explains how to create a NetScaler policy with PI expressions (or PI policy) using the CLI and put it into effect.
Summary
This article contains a procedure that describes how to create a policy with PI expressions (or PI policy) using the Citrix NetScaler Command Line Interface (or CLI).
To create a policy with PI expressions at the CLI:
- Run the SSH client of your choice, connect to your appliance's NSIP, and log on to the NetScaler CLI.
If you need further instructions, see the Citrix NetScaler Getting Started Guide.
- At the prompt, type the following command, and press the Enter key, to create the policy:
> add <policytype> policy <name> <rule> <action>
  - For <policytype>, substitute the type of policy you are creating. For Rewrite policies, you substitute rewrite. For DNS policies, you substitute dns.
  - For <name>, substitute a name for the policy. The name can begin with a letter or the underscore symbol, and can consist of one to 31 letters, numbers, and the hyphen, period, pound (#), space, and underscore symbols. Choose a name that makes it easy for others to tell what type of content this policy was created to detect.
  - For <rule>, substitute a PI expression that defines the connections you want to match using this policy.
The rule can take many forms. PI expressions all consist of a hierarchy of expression elements separated by periods. Some elements take arguments; when an element takes an argument, the argument is enclosed in parentheses. Some examples of PI expressions are shown below:
"HTTP.REQ.HEADER("Pragma").EQ("No-Cache")"
"SYS.TIME.HOURS.BETWEEN(0,1)"
"CLIENT.IP.SRC.IN_SUBNET(200.0.0.0/8)"
"SERVER.ETHER.DSTMAC.GET1.EQ(12)"
"URL.CONTAINS("cgi-bin")"
NOTE: All rules must be enclosed in double quotes.
For complete information on the classes and methods used in PI expressions, see PI Expression Reference Classes and Constructions. For complete information on the constructors and operators used in PI expressions, see PI Expression Reference Constructors and Operators.
- At the prompt, type save ns config and press the Enter key to save your configuration.
- Enter the appropriate show policy command to verify your configuration.
  - For Rewrite policies, this is show rewrite policy <name>.
  - For DNS policies, it is show DNS policy <name>.
In each case, for <name>, you substitute the name of the policy you created.
If the policy is correct, you can proceed to globally bind it. If it is not, repeat steps 2 and 3 to recreate your policy in the form you want.
- Enter the following command to globally bind the policy.
> bind <policytype> global <policy> <priority>
  - For <policytype>, substitute the type of policy you are creating. For Rewrite policies, you substitute rewrite. For DNS policies, you substitute dns.
  - For <policy>, substitute the name of the policy you just created.
  - For <priority>, substitute a positive integer that represents the priority you want to assign to that policy.
In the NetScaler OS, policy priorities work in reverse order: the higher the number, the lower the priority. For example, if you have three policies with priorities of 10, 100, and 1000, the policy assigned a priority of 10 is performed first, then the policy assigned a priority of 100, and finally the policy assigned a priority of 1000. All features except the Rewrite feature on the Application Switch implement only the first policy that a connection matches, not any additional policies that it might also match. The Rewrite feature can implement multiple policies, but implements them in order of priority. Policy priority is therefore important to getting the results you intended.
You can leave yourself plenty of room to add other policies in any order, and still set them to evaluate in the order you want, by setting priorities with intervals of 50 (or, better, 100) between each policy when you globally bind your policies. If you do this, you can add additional policies at any time without having to reassign the priority of an existing policy. You simply look at the priorities assigned to the preceding and following policies, and assign a new policy a priority between that of those two numbers.
- Enter save ns config to save your configuration.
Your policy is now globally bound and has been put into effect.
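The naming rule from the add step and the priority behaviour described for the bind step, modeled in Python as an added example (not Citrix code and not part of the original article). The policy names, the sample bindings and the helper functions are hypothetical, and rule matching is represented by a set of names rather than real PI evaluation.

```python
import re

# Name rule as stated in this article: begins with a letter or underscore,
# 1 to 31 characters drawn from letters, digits, hyphen, period, pound, space, underscore.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9\-.# _]{0,30}")

def valid_name(name):
    """True if `name` satisfies the policy naming rule above."""
    return NAME_RE.fullmatch(name) is not None

def priority_between(bindings, before, after):
    """Pick a priority that is evaluated after `before` and ahead of `after`.
    `bindings` maps policy name -> priority (lower number is evaluated first)."""
    lo, hi = bindings[before], bindings[after]
    if hi - lo < 2:
        # Failure mode the spacing advice avoids: no integer left in the gap.
        raise ValueError("no free priority between %d and %d; rebind one policy" % (lo, hi))
    return lo + (hi - lo) // 2

def policies_applied(bindings, matches, policytype):
    """Return the policies that take effect for one connection.
    `matches` is the set of policy names whose rule matched (stand-in for PI evaluation)."""
    ordered = [n for n, _ in sorted(bindings.items(), key=lambda kv: kv[1]) if n in matches]
    # Rewrite applies every matching policy in priority order;
    # the other features stop at the first matching policy.
    return ordered if policytype == "rewrite" else ordered[:1]

# Constructed sample bindings, spaced by 100 as the article recommends.
BINDINGS = {"pol_nocache": 100, "pol_cgi": 200, "pol_subnet": 300}

if __name__ == "__main__":
    new_prio = priority_between(BINDINGS, "pol_nocache", "pol_cgi")
    # Printed in the article's command form: bind <policytype> global <policy> <priority>
    print("bind rewrite global pol_new", new_prio)
    print(policies_applied(BINDINGS, {"pol_cgi", "pol_subnet"}, "rewrite"))
    print(policies_applied(BINDINGS, {"pol_cgi", "pol_subnet"}, "dns"))
```

With a non-Rewrite policy type, a broad policy bound at a low number shadows every narrower policy bound after it, so checking the result of `policies_applied` before binding shows whether the new policy would ever be reached.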