
Content switching policies do not hit


Nguyen Huu Duc


Hi guys,

I have 2 sites running 2 CS vservers for my website.

In site 1 I created 2 CS policies and bound them to the CS vserver; the 2 policies work normally.

It works normally at site 1. When a client requests http://abc.com.vn it is redirected to vserver WEB (default), and when a client requests http://abc.com.vn/ocsp it is redirected to vserver OCSP.

In site 2, when I bind pol1 or pol2 to the CS vserver it works normally, but if I bind both of them to the CS vserver, just pol2 works. I've also tried binding pol1 and binding the default vserver WEB in the CSVS, but it still hits the default vserver and pol1 doesn't work.

My 2 policy expressions are:

pol1: HTTP.REQ.IS_VALID&&HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ocsp")

    action: redirect to vServer name OCSP

pol2: HTTP.REQ.IS_VALID

    action: redirect to vserver web (abc.com.vn)

Priority policies 1 < 2. 

The 2 NetScalers are running NS13.0 52.24.nc.

So I don't know what the problem is here; all of the configuration is the same. Please help me, thank you very much.


Problem is pol2 is always hitting first because of your expression HTTP.REQ.IS_VALID

 

Change pol1 to: HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("abc.com.vn")&&HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ocsp")

 

Change pol2 to: HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("abc.com.vn")

 

Regards

Julian


6 minutes ago, Julian Jakob said:

Problem is pol2 is always hitting first because of your expression HTTP.REQ.IS_VALID

 

Change pol1 to: HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("abc.com.vn")&&HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ocsp")

 

Change pol2 to: HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("abc.com.vn")

 

Regards

Julian

Thanks for your help,

I've tried your suggestion but it doesn't work. Just pol2 hits in the CSVS.

 


Just to be very clear on your priority 1 < 2 statement:

As Policy 1 is more specific than Policy 2 it must have a higher priority (lower index) to process first.

Policy 1:  100

Policy 2:  200

Also be sure your CS vserver is set to evaluate based on RULE and not URL (it's a vserver setting in the CS properties).

 

Do you have other features like responder involved that could be affecting the traffic?

 

If you look at a header viewer (such as via your web browser's developer tools), is your first request to the /ocsp path or a different path object?

Is that path hitting policy 2 first? If so, and you have CS persistence set, it might be overriding the policy 1 /ocsp decision.

 

See CS Persistence:

https://docs.citrix.com/en-us/citrix-adc/13/content-switching/persistence-support.html#:~:text=To support this requirement%2C Citrix,from one version to another.

 

If you have only policy 1 bound does it work as expected?

 

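The priority ordering discussed in this thread, as an added example that is not part of any post above and is not Citrix code: a small Python model of first-match policy evaluation, assuming (as the last reply states) that the lower priority number is processed first. The function names, the swapped 200/100 binding, and the sample requests are constructed for illustration; the rules are Python stand-ins for the two posted expressions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    host: str
    url: str

@dataclass(frozen=True)
class Binding:
    name: str
    priority: int                      # lower number is evaluated first
    rule: Callable[[Request], bool]
    target: str

# Stand-in for ...URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ocsp")
def pol1_rule(r):
    return "/ocsp" in r.url.lower()

# Stand-in for HTTP.REQ.IS_VALID: true for any well-formed request
def pol2_rule(r):
    return True

def switch(bindings, req, default="WEB"):
    """Return (winning policy name or None, target vserver)."""
    for b in sorted(bindings, key=lambda b: b.priority):
        if b.rule(req):
            return b.name, b.target    # first match wins, evaluation stops
    return None, default               # no policy hit: default vserver

def shadowed(bindings, samples):
    """Policies whose rule matches some sample but never win a decision."""
    out = []
    for b in bindings:
        matches = [s for s in samples if b.rule(s)]
        wins = [s for s in matches if switch(bindings, s)[0] == b.name]
        if matches and not wins:
            out.append(b.name)
    return out

def bind(p1, p2):
    return [Binding("pol1", p1, pol1_rule, "OCSP"),
            Binding("pol2", p2, pol2_rule, "WEB")]

# Constructed sample requests (not taken from the thread).
SAMPLES = [Request("abc.com.vn", "/"), Request("abc.com.vn", "/OCSP/check")]
GOOD = bind(100, 200)   # specific rule first, catch-all second
BAD = bind(200, 100)    # catch-all first: pol1 can never hit

if __name__ == "__main__":
    for label, b in (("pol1=100 pol2=200", GOOD), ("pol1=200 pol2=100", BAD)):
        for s in SAMPLES:
            print(label, s.url, "->", switch(b, s))
        print(label, "shadowed:", shadowed(b, SAMPLES))
```

The model covers priority order only; persistence and other features mentioned in the thread are not represented.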
