
Convert iRule to Netscaler



Is there a tool to convert irules to netscaler format?

for example, this:

 

when HTTP_REQUEST {
    if { [HTTP::uri] equals "/" } {
        HTTP::redirect https://[HTTP::host]/scpv/
        log local0. "redireccion"
    } elseif { ([class match [HTTP::uri] starts_with SEC_CAPA_Blacklist]) } {
        reject
    }
}
when HTTP_RESPONSE {
    if { [HTTP::header exists "Cache-Control"] } {
        HTTP::header replace Cache-Control "no-cache"
    }
    foreach x [HTTP::cookie names] {
        if { $x starts_with "BIGipServer" } {
            set ckname $x
            set ckvalue [HTTP::cookie value $x]
            HTTP::cookie remove $x
            HTTP::cookie insert name $ckname value $ckvalue path "/" version 1
            HTTP::cookie secure $ckname enable
            HTTP::cookie httponly $ckname enable
        }
    }
}


Hi
I don't think there is a tool that automatically converts IRULE to POLICY.
However if you know what IRULE does it is simple to create a netscaler policy.

In your case, in the first part of your example 

the IRULE does the following:
1) uri on REQUESTS= "/" --> redirect to "https://hostname/scpv/"
2) uri on REQUESTS starts with string contained in SEC_CAPA_Blacklist --> execute DROP
3) if "Cache-Control" header exists in RESPONSE --> replace header with "no-cache" value
4) if a cookie name in RESPONSE starts with "BIGipServer" --> Add the value "path '/'" and "version 1" to the cookie. It also enables the "secure" and "httponly" parameters on the cookie

For 1) point 

add responder action Redirect_action redirect " \"https://\" + HTTP.REQ.HOSTNAME +\"/scpv/\"" -responseStatusCode 302
add responder policy pol_redirect "HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQ(\"/\")" Redirect_action
bind lb vserver lb_vserver_name -policyName pol_filenetp8.ced.it_Redir_Portale2 -priority 100 -gotoPriorityExpression END -type REQUEST

for 2) point

first create a PATHSET "SEC_CAPA_Blacklist" with path list (in format \stringA\stringB\ )

add responder policy pol_drop_SEC_CAPA_Blacklist "HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH_ANY(\"SEC_CAPA_Blacklist\")" DROP
bind lb vserver lb_vserver_name -policyName pol_drop_SEC_CAPA_Blacklist -priority 110 -gotoPriorityExpression END -type REQUEST

for point 3)

add rewrite action act_replace_header_Cache-Control replace "HTTP.RES.HEADER(\"Cache-Control\")" "\"no-cache\""
add rewrite policy act_replace_header_Cache-Control "HTTP.RES.HEADER(\"Cache-Control\").EXISTS" act_replace_header_Cache-Control
bind lb vserver lb_vserver_name -policyName act_replace_header_Cache-Control -priority 120 -gotoPriorityExpression NEXT -type RESPONSE

4) point is not necessary (it's a change on F5 header)

 

Regards
 

Edited by Nicola Campaci

ERRATA CORRIGE for point 1)

add responder action Redirect_action redirect "\"https://\" + HTTP.REQ.HOSTNAME + \"/scpv/\"" -responseStatusCode 302
add responder policy pol_redirect "HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQ(\"/\")" Redirect_action
bind lb vserver lb_vserver_name -policyName pol_redirect -priority 100 -gotoPriorityExpression END -type REQUEST

 

You can bind the policies on a vserver (as in my code), on a cs vserver, on a vpn vserver or at GLOBAL level.

Regards

Edited by Nicola Campaci
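
The iRule and the NetScaler policies in this thread do not match requests in exactly the same way, which is worth checking before cut-over. The following is an added example, not part of the posts above and not F5 or Citrix code: it models only the match conditions of both rule sets, with constructed blacklist entries and test URIs.

```python
# Added example: models the match conditions only, not F5 or NetScaler internals.
from urllib.parse import urlsplit

# Constructed sample entries; the real SEC_CAPA_Blacklist contents are not on the page.
BLACKLIST = ["/admin", "/backup"]

def irule_decision(uri, blacklist=BLACKLIST):
    """iRule: [HTTP::uri] is path plus query string; comparisons are case-sensitive."""
    if uri == "/":
        return "redirect"
    if any(uri.startswith(p) for p in blacklist):
        return "reject"
    return "pass"

def netscaler_decision(uri, blacklist=BLACKLIST):
    """Policies from the reply: HTTP.REQ.URL.PATH drops the query string and
    SET_TEXT_MODE(IGNORECASE) makes EQ / STARTSWITH_ANY case-insensitive."""
    path = urlsplit(uri).path.lower()
    if path == "/":  # pol_redirect, priority 100
        return "redirect"
    if any(path.startswith(p.lower()) for p in blacklist):  # priority 110
        return "drop"
    return "pass"

def parity_report(uris):
    """Return (uri, irule, netscaler) for each request the two sides treat differently."""
    same = {"reject": "drop"}  # F5 reject and NetScaler DROP both block the request
    diffs = []
    for uri in uris:
        f5, ns = irule_decision(uri), netscaler_decision(uri)
        if same.get(f5, f5) != ns:
            diffs.append((uri, f5, ns))
    return diffs

# Constructed test requests.
SAMPLE_URIS = ["/", "/?lang=es", "/scpv/", "/admin/users", "/ADMIN/users", "/backup.zip"]

if __name__ == "__main__":
    for uri, f5, ns in parity_report(SAMPLE_URIS):
        print(f"{uri!r}: iRule={f5} NetScaler={ns}")
```

Both differences it reports make the NetScaler side match more requests than the iRule did: a root request with a query string is redirected, and blacklist prefixes match regardless of case.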