Jump to content
Welcome to our new Citrix community!

Adding multiple Expressions to Responder Policy


Recommended Posts

I have seen other Responder policies in our environment configured this way but receiving an error whenever I attempt to add something like this to a responder policy.  

 

The first expression in the example below is already there, i get this error when I attempt to add the second.  "Invalid name; names must begin with an alphanumeric character or underscore and must contain only alphanumerics, '_', '#', '.', ' ', ':', '@', '=' or '-' [logAction, ]"

 

!(exp_wspearson || exp_WAF_IP)

 

Regards,

Kurt

Link to comment
Share on other sites

Which firmware?

Are you creating expression in GUI or CLI.

And can you confirm your named expressions are actually "advanced" named expressions?

 

Swap in maybe something like:

!(http.req.url.path.contains("/demo") || http.req.header("host").contains("somefqdn"))

 

If it doesn't take this either in the GUI, then it might be a gui bug.

IF this works in GUI, but your named expressions don't, then share your named expression definitions as they may be incorrect?

If this is in the cli, quotes are needed around expressions and there are other things to compare.

 

 

 

 

Link to comment
Share on other sites

Hey Kurt,

 

i think this is a bug right now in latest firmware release. You cannot add or edit a Responder Policy when there is now AppFlow Action bound to that policy. The error (in GUI) basically says, that you need to define an AppFlow Action (which is obviously not true). I have worked around like this:

 

a) configure Responder Policy over CLI (may be a bit more complicated regarding escaping special characters etc.)

 

b) create "dummy" AppFlow Action (just deselect everything, create collector with IP "1.2.3.4", do NOT activate AppFlow Feature when prompted) -> you can edit responder policy. After, you go to CLI/SSH and type "unset responder policy *name_of_responder_policy* -appflowaction"

 

This makes the AppFlow Action go away and keeps the changes to responder policy you initially did. Even though the "dummy" AppFlow Action shouldn't do anything if not activated. 

Hope Citrix fixes this soon

 

Edit: I just tested this with logAction and it is the same bug. GUI expects you to select a logAction (even thought if you dont want one), so you need to do the same as described above but for logAction instead of AppflowAction

Edited by Jens Ostkamp
  • Like 4
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...