Jump to content
Welcome to our new Citrix community!

Responder Policies


Tracey Penston

Recommended Posts

Does any one know the maximum number of response policies that can be applied to a single Load Balance Virtual Server.

 

We have a request for a redirection to be in place for a site 

ie https://a/test/1 to goto https://b/test1, https:a/test2 to goto https://b/test2 and so on. 

Been advised a repsonse policy and action is the way to go. 

However just been told that there could be as many as 70 different scenerios. 

 

Any help more than welcome.

 

Link to comment
Share on other sites

In general, a given policy expression can have about 1499 characters. Total number of policies per vserver depends on memory of system.

 

But depending on your expressions and associated actions, a string map is your best option to get one policy with a string map to do lots of things.  I don't know the maximum entries in a string map, but your probably not reaching it.  You can also still break it into multiple policies doing only 20-30 things each in the string map (to get to 3-4 policies) instead of one string map doing everything if needed.

 

Your scenario is just vague enough that unless all of your URLs are in these exact pattern, the examples I work with might not do what you need. But the below should give you a starting point. Whether you really need a stringmap or patternset to consolidate your policies OR if we can make one policy deal with the patterns you need, really just depends on the redirect scenarios you need.    But if the examples below don't really do what you need, clarify the examples and we can see the best way to deal with it or if breaking into multiple scenarios is better.

 

Patternsets and String Maps help you do lots of complex multi-conditional ("OR" clauses) in one or few policies.  String maps can also help with creating pairs of actions for specific triggers.

 

Here are a few examples (also see admin guid - but I didn't link it):
https://discussions.citrix.com/topic/396850-string-maps-key-match/

https://discussions.citrix.com/topic/391293-how-to-add-a-default-option-for-string-map/  (##Note this one has a string map example that may help you see how they work.)

 

 

The below example is just to show you some options. Your patterns above might be vague enough that the initial examples will not work for you. But this should help you see some possibilities.

 

If in your examples, the HOST/server portion of the URL is unique and only one host/path combo (like https://servera.demo.com/test/1 goes to https://servera.demo.com/test1) and they all fall into this pattern, you might not even need a string map for the redirect, just a pattern set for the hosts to redirect.

If your redirects are based on multiple https://servera.demo.com/test/1,https://servera.demo.com/test/2,https://servera1.demo.com/othertest/3 , but the paths are still unique between servera and serverb patterns, then the responder policy could be based on the key path element and still redirect a lot of patterns.  If we have multiple host/path combos and we have to look at both to know which redirect to do, then it will probably need a different way to parse and compare the urls (policy can still do it; but might consolidate differently).

 

Here are some preliminary examples:

 

For an example URL, here are some policy expression basics:

https://servera.demo.com/test/1?a1=b1&c1=d1

So depending on how you identify the URL you need, can you look at just http.req.url.path.get(1):

http.req.header("host") would match on the host header (aka the server portion of url):  servera.demo.com

http.req.url.path matches "/test/1"

http.req.url.path.get(1) matches "test"

http.requrl.path.get(2) matches "1"

get(<#>) grabs each element of the path (1-based) without the "/"

http.req.url.query matches the query string "a1=b1&c1=d1"

 

So, depending on whether your trigger for which patterns you need to match are just the HOST portion or the host, or just hte path (or specific path elements), or both host and path, would affect how exactly the string map would need to be constructed.

 

Example 1:

Where your redirects need to be:

https://hosta/test/1 --> https://hosta/test1

https://hostb/test/2 --> https://hostb/test2

 

Then you can do this with a regular responder redirect if the elements of the request are what are also present in the redirect.  If the values on the redirect are NEW values not present in the response, then a string map might be better. 

 

If there is a single unique criteria for redirect such as all unique hosts (hosta vs hostb) or the paths alwasy the same pattern, then a basic responder redirect could be something like the below.  You wouldn't need a string map for this, but you might use a patternset to simplify identifying the triggers for this policy.

 

Responder Redirect Action Target: Can create new url from original.  IF you need preserve stuff after first two elements, there is away to grab the rest of the URL and tack on.

"https://" + http.req.header("host").typecast_text_t + "/" + http.req.url.path.get(1) + http.req.url.path.get(2) + "/"

 

This action can do a wide range of redirects for URLs in the necessary pattern, and you just need to write the expression for the policy to do this for the affected traffic.

 

Responder Policy Expression:

1a) If you just have one redirect per HOST and everyone is in this same form, then you just need a policy to evaluate the if the host is redirectable. 

(http.req.header("host").equals("servera.demo.com") || http.req.header("host").equals("serverb.demo.com") || http.req.header("host").equals("serverc.demo.com"))  && http.req.url.path.startswith("/test/")

 

Now, this might be the part that isn't meeting your requirements as you might need better criteria to identify when to redirect or not (but just a basic example to get things started). So the rest of the policy criteria may need to be customized more.  FYI, looking at just HOST headers or just PATHS is easier than both, but it can be done just may take some finessing.

 

But to make this better for a large number of hosts you can use a patternset. Patternsets are index tables (numbered/indexed values) and stringmaps are hash tables (key/value pairs).

1b) with a patternset

add policy pateset ps_hostlist

bind policy patset ps_hostlist servera.demo.com

bind policy patset ps_hostlist serverb.demo.com

bind policy patset ps_hostlist serverc.demo.com

 

Now your policy expression might be:

http.req.header("host").equals_any("ps_hostlist") && http.req.url.path.startswith("/test/")

 

So a responder policy/action:

add responder action rs_act_sendtourl_byhost1 redirect '"https://" + http.req.header("host").typecast_text_t + "/" + http.req.url.path.get(1) + http.req.url.path.get(2) + "/"' -responsestatusCode 302

add responder policy rs_pol_sendtourl_byhost1 'http.req.header("host").equals_any("ps_hostlist") && http.req.url.path.startswith("/test/")' rs_act_sentourl_byhost1

 

If your patterns are more complex, then there are other ways to build the stringmap or patternset, the policy expression and the action to be better able to do what you want.

But I figured I'd let you clarify the scenario before building something more exotic.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...