Jump to content
Welcome to our new Citrix community!

Content Switching policies expressions with overlapping portions of domain name

Recommended Posts

I run many different websites through a Content Switching virtual server and have been using a policy expression format of HTTP.REQ.HOSTNAME.CONTAINS("subdomain.domain.com") for all of these sites. A blog/article I read online many years ago used this as an example and it worked for me so I've been using it ever since.


I ran into an issue for the first time where I have an overlap that caused an issue.  I had two policies as so:


  • Priority 100 - HTTP.REQ.HOSTNAME.CONTAINS("helpdesk.domain.com")
  • Priority 110 - HTTP.REQ.HOSTNAME.CONTAINS("testhelpdesk.domain.com")


When I browsed to testhelpdesk.domain.com I was served the site running at helpdesk.domain.com.  I fixed this by swapping the priorities on these policies and that has shown to be working fine, where both URL's load the correct site.


That being said, I am now wondering if I should be using an alternate expression to avoid a potential overlap like this from happening again.  I need to make sure subdirectories (ie. helpdesk.domain.com/tickets/) and URL parameters (ie. helpdesk.domain.com/?ticketnumber=100) won't throw off the policy matching   Is there a better expression to use that isn't quite as loose as HTTP.REQ.HOSTNAME.CONTIANS or should I stick with what I have been using and make sure I order priorities accordingly if I have partial domain overlaps?

Link to comment
Share on other sites

As ever, with any form of programming (which is essentially what policies are) you need to - as you have discovered - put the most specfic first, and the more general last. There is 100% nothing wrong with doing things like that.


The problem with "contains" is that it's a very general thing.... As Ross says, using an "equals" is much more specific (although you do now need to make sure you define the whole thing!). In your case, you already DO that, so changing "contains" to "equals" will work nicely in your case.... if you do that, then order is no longer important.


Generally, the simpler you keep things, the more likely they are to actually work the way you expect them, both now, and in the future. "contains" and "equals" are both useful matching criteria, just be aware that each has their advantages and disadvantages: welcome to the world of programming!!

Link to comment
Share on other sites

1 hour ago, Evan Mann1709152793 said:

I an currently using the full "subdomain.domain.extension" combination in my "contains" rules.  Since the rule relies on HOSTNAME, changing to EQ should not cause any issues with subdirectories, multi-subdirectories, and/or URL parameters, correct?  All of those do come after the hostname afterall.


That's correct, using EQ will not affect other parts of the URL (those are found in policy expressions through HTTP.REQ.URL.xxx).

Link to comment
Share on other sites

There are 2 ways to do this.


Like everyone told you, EQ is right here. There are two reasons, reason number one had not been mentioned so far: It's faster, as it's more specific.  Reason number two is, it won't lead to mixing up.


The other idea would be: Stay with your policies, but change binding.

Priority 100 - HTTP.REQ.HOSTNAME.CONTAINS("testhelpdesk.domain.com")

Priority 110 - HTTP.REQ.HOSTNAME.CONTAINS("helpdesk.domain.com")


Would do for you. But again, go to EQ, as you are not interested in containing but you ask for the hole string.




Johannes Norz, Austria



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...