Citrix NetScaler XML API User's Guide

Policy

policy configuration.

Configuration APIs

Use this method to adds a policy dataset to the appliance. The patset file option can be used to bind the patterns contained in a file, which is imported from Citrix ADC or from an external location (please check import/add/update patsetfile). A dataset can be configured with at most one patsetfile!

addpolicyexpression

Use this method to creates a classic or default syntax named expression, which can be used in multiple policies. For example, you can create the following named expressions, ExpressionA and ExpressionB:
ExpressionA: http.req.body(100).contains("A")
ExpressionB: http.req.body(100).contains("B")

You could then create an expression of the form:

addpolicyhttpcallout

Use this method to adds an expression element that, when evaluated, sends an HTTP request to a specified service and receives an HTTP response from the service. Can be used to obtain additional information for use in evaluating policy rules and other expressions. The expression prefix SYS.HTTP_CALLOUT invokes an HTTP callout. You can construct the HTTP callout request in one of two ways:
* Specify individual parts of the request by using the HTTP method, host expression, URL stem expression, and header parameters. These parts are evaluated at run time and concatenated to build the request.
* Specify the entire HTTP request in a single expression.

addpolicymap

Use this method to creates a policy to map a publicly known domain name to a target domain name for a reverse proxy virtual server used by the cache redirection feature. Optionally, you can also specify a source and target URL. The map policy can be associated with a reverse proxy cache redirection virtual server by using the 'bind cr vserver' method. There can be only one default map policy for a domain.

addpolicypatset

Use this method to adds a pattern set. A pattern set contains a name and one or more string patterns. Pattern sets can be used in expressions to match a set of strings. For example, HTTP.REQ.URL.EQUALS_ANY("test_urls"), where test_urls is a pattern set containing URL strings.
Pattern sets can also be used in the search parameter of a rewrite action. Each string pattern is assigned an index that enables you to select the associated string from the set. The patset file option can be used to bind the patterns contained in a file, which is imported from Citrix ADC or from an external location (please check import/add/update patsetfile). A patset can be configured with at most one patsetfile

addpolicypatsetfile

Use this method to loads the patterns from the specified patset file.

addpolicystringmap

Use this method to creates a string map. You must use the 'bind policy stringmap' method to bind strings to this string map.

addpolicyurlset

Use this method to adds a url set.

bindpolicydataset_comment

Use this method to bind comment to policy dataset.

bindpolicydataset_endrange

Use this method to bind endrange to policy dataset.

bindpolicydataset_value

Use this method to bind value to policy dataset.

bindpolicypatset_comment

Use this method to bind comment to policy patset.

bindpolicypatset_string

Use this method to bind string to policy patset.

bindpolicystringmap_comment

Use this method to bind comment to policy stringmap.

bindpolicystringmap_key

Use this method to bind key to policy stringmap.

clearpolicytracing

Use this method to remove the collected policy tracing data from memory

exportpolicyurlset

Use this method to exports the specified urlset to the URL. Ensure the URL accepts a PUT request for HTTP/HTTPS URL.

getpolicydataset

Use this method to get the configured dataset(s).

getpolicyevaluation

Use this method to get pixl expression or action and gives result. Result type can be zero or more of:

getpolicyexpression

Use this method to get information about the available named policy expressions.

getpolicyhttpcallout

Use this method to get information about the configured HTTP callouts.

getpolicymap

Use this method to get information about the available policy maps.

getpolicyparam

Use this method to get the policy parameters.

getpolicypatset

Use this method to get the list of pattern sets configured on the appliance.

getpolicypatsetfile

Use this method to get a list of all the imported patset files on the Citrix ADC.

getpolicystringmap

Use this method to get a list of available string maps.

getpolicytracing

Use this method to get the collected policy tracing data.

getpolicyurlset

Use this method to get information about the configured urlsets.

importpolicypatsetfile

Use this method to import a patset file to the Citrix ADC and assign it a name.

importpolicyurlset

Use this method to imports the specified urlset to the Citrix ADC, assigns it the specified name.

rmpolicydataset

Use this method to removes a dataset from the appliance.

rmpolicyexpression

Use this method to removes a named policy expression. If the expression is used by a policy or filter, you must remove the policy or filter before removing the expression.

rmpolicyhttpcallout

Use this method to removes an HTTP callout. You cannot remove an HTTP callout that is used in any part of policy, action, or expression.

rmpolicymap

Use this method to removes a map policy. Before removing the map policy, you must unbind the map policy from the reverse proxy virtual server.

rmpolicypatset

Use this method to removes a pattern set. If the pattern set is used by an expression in another object, such as a policy, you must remove the object before removing the pattern set.

rmpolicypatsetfile

Use this method to deletes the specified patset file.

rmpolicystringmap

Use this method to removes a string map. String maps can be removed only if not used in any part of policy, action, or expression.

rmpolicyurlset

Use this method to removes a url set. If the url set is used by an expression in another object, such as a policy, you must remove the object before removing the url set.

setpolicydataset_dynamic

Use this method to set this is used to populate internal dataset information so that the dataset can also be used dynamically in an expression. Here dynamically means the dataset name can also be derived using an expression. For example for a given dataset name "allow_test" it can be used dynamically as client.ip.src.equals_any("allow_" + http.req.url.path.get(1)). This cannot be used with default datasets.

setpolicyexpression_clientsecuritymessage

Use this method to set the client security message that will be displayed on failure of this expression. Only relevant for end point check expressions.

setpolicyexpression_comment

Use this method to set any comments associated with the expression. Displayed upon viewing the policy expression.

setpolicyexpression_value

Use this method to set the expression string.

setpolicyhttpcallout_bodyexpr

Use this method to set an advanced string expression for generating the body of the request. The expression can contain a literal string or an expression that derives the value (for example, client.ip.src). Mutually exclusive with -fullReqExpr.

setpolicyhttpcallout_cacheforsecs

Use this method to set duration, in seconds, for which the callout response is cached. The cached responses are stored in an integrated caching content group named "calloutContentGroup". If no duration is configured, the callout responses will not be cached unless normal caching configuration is used to cache them. This parameter takes precedence over any normal caching configuration that would otherwise apply to these responses.
Note that the calloutContentGroup definition may not be modified or removed nor may it be used with other cache policies.

setpolicyhttpcallout_comment

Use this method to set any comments to preserve information about this HTTP callout.

setpolicyhttpcallout_fullreqexpr

Use this method to set exact HTTP request, in the form of an expression, which the Citrix ADC sends to the callout agent. If you set this parameter, you must not include HTTP method, host expression, URL stem expression, headers, or parameters.
The request expression is constrained by the feature for which the callout is used. For example, an HTTP.RES expression cannot be used in a request-time policy bank or in a TCP content switching policy bank.
The Citrix ADC does not check the validity of this request. You must manually validate the request.

setpolicyhttpcallout_headers

Use this method to set one or more headers to insert into the HTTP request. Each header is specified as "name(expr)", where expr is an expression that is evaluated at runtime to provide the value for the named header. You can configure a maximum of eight headers for an HTTP callout. Mutually exclusive with the full HTTP request expression.

setpolicyhttpcallout_hostexpr

Use this method to set string expression to configure the Host header. Can contain a literal value (for example, 10.101.10.11) or a derived value (for example, http.req.header("Host")). The literal value can be an IP address or a fully qualified domain name. Mutually exclusive with the full HTTP request expression.

setpolicyhttpcallout_httpmethod

Use this method to set method used in the HTTP request that this callout sends. Mutually exclusive with the full HTTP request expression.

setpolicyhttpcallout_ipaddress

Use this method to set iP Address of the server (callout agent) to which the callout is sent. Can be an IPv4 or IPv6 address.
Mutually exclusive with the Virtual Server parameter. Therefore, you cannot set the and the Virtual Server in the same HTTP callout.

setpolicyhttpcallout_parameters

Use this method to set one or more query parameters to insert into the HTTP request URL (for a GET request) or into the request body (for a POST request). Each parameter is specified as "name(expr)", where expr is an expression that is evaluated at run time to provide the value for the named parameter (name=value). The parameter values are URL encoded. Mutually exclusive with the full HTTP request expression.

setpolicyhttpcallout_port

Use this method to set server port to which the HTTP callout agent is mapped. Mutually exclusive with the Virtual Server parameter. Therefore, you cannot set the and the Virtual Server in the same HTTP callout.

setpolicyhttpcallout_resultexpr

Use this method to set expression that extracts the callout results from the response sent by the HTTP callout agent. Must be a response based expression, that is, it must begin with HTTP.RES. The operations in this expression must match the return type. For example, if you configure a return type of TEXT, the result expression must be a text based expression. If the return type is NUM, the result expression (resultExpr) must return a numeric value, as in the following example: http.res.body(10000).length.

setpolicyhttpcallout_returntype

Use this method to set type of data that the target callout agent returns in response to the callout.
Available settings function as follows:
* TEXT - Treat the returned value as a text string.
* NUM - Treat the returned value as a number.
* BOOL - Treat the returned value as a Boolean value.
Note: You cannot change the return type after it is set.

setpolicyhttpcallout_scheme

Use this method to set type of scheme for the callout server.

setpolicyhttpcallout_urlstemexpr

Use this method to set string expression for generating the URL stem. Can contain a literal string (for example, "/mysite/index.html") or an expression that derives the value (for example, http.req.url). Mutually exclusive with the full HTTP request expression.

setpolicyhttpcallout_vserver

Use this method to set name of the load balancing, content switching, or cache redirection virtual server (the callout agent) to which the HTTP callout is sent. The service type of the virtual server must be HTTP. Mutually exclusive with the IP address and port parameters. Therefore, you cannot set the and the Virtual Server in the same HTTP callout.

setpolicyparam_timeout

Use this method to set maximum time in milliseconds to allow for processing expressions and policies without interruption. If the timeout is reached then the evaluation causes an UNDEF to be raised and no further processing is performed.

setpolicypatset_dynamic

Use this method to set this is used to populate internal patset information so that the patset can also be used dynamically in an expression. Here dynamically means the patset name can also be derived using an expression. For example for a given patset name "allow_test" it can be used dynamically as http.req.url.contains_any("allow_" + http.req.url.path.get(1)). This cannot be used with default patsets.

setpolicystringmap_comment

Use this method to set comments associated with the string map or key-value pair bound to this string map.

startpolicytracing

Use this method to starts the policy tracing

stoppolicytracing

Use this method to stop the policy tracing

unbindpolicydataset_endrange

Use this method to unbind endrange from policy dataset.

unbindpolicydataset_value

Use this method to unbind value from policy dataset.

unbindpolicypatset_string

Use this method to unbind string from policy patset.