Nils Liebherr

I think I'll explain a bit more in detail: Content Switch VS: - CS Policy: HTTP.REQ.URL.STARTSWITH("/aaa/") -> LB vServer "lb_vs_A" with Service Group "svc_grp_A"containing server_a:15443 & server_b:15443 - CS Policy: HTTP.REQ.URL.STARTSWITH("/bbb/") -> LB vServer "lb_vs_B" with Service Group "svc_grp_B" containing server_a:16443 & server_b:16443 - default LB vServer "lb_vs_C" with Service Group "svc_grp_C" containing server_a:8443 & server_b:8443 If LB vServer "lb_vs_A" is down because both servers are not reachable at port 15443 and the requests starts with "/aaa/" (matching the first CS policy) I would expect a HTTP 503, because of: But instead, I receive a HTTP 404, because the request with "/aaa/" seems to be sent to the default LB vServer and there is nothing found at /aaa/

We have a content switch with two content switching policies and a default LB vserver. From this article I understand that the netscaler should send a HTTP 503 if the vserver from a CS policy is down: https://support.citrix.com/article/CTX236551/http-503-error-when-accessing-content-swtich-vserver But that's not the case! Instead, the traffic which matches the policy where the referenced LB vserver is down, is passed to the default LB vserver which results in a 404 and not 503. Any idea why this happens?

For security reasons, I would like to activate "Drop invalid HTTP requests" in the nshttp_default_profile. Because there are already several content switches and loadbalancing vservers configured on our appliance, I would like to log the affected requests. Best option would be to log potentially dropped requests before activating the setting. I tried a rewrite policy as well as a responder policy with "http.req.is_valid.not", bound them globally and then sent invalid requests. I know the requests are invalid, because when setting "drop invalid http requests", they are actually dropped. But the hit counter of both policies does not count up. Did I do something wrong? Is this the wrong approach? Any other ideas? Thank!