ns icapProfile¶

The following operations can be performed on "ns icapProfile":

add ns icapProfile¶

Adds an ICAP profile to the Citrix ADC.

Synopsys¶

add ns icapProfile <name> [-preview ( ENABLED | DISABLED )] [-previewLength <positive_integer>] -uri <string> [-hostHeader <string>] [-userAgent <string>] -Mode ( REQMOD | RESPMOD ) [-queryParams <string>] [-connectionKeepAlive ( ENABLED | DISABLED )] [-allow204 ( ENABLED | DISABLED )] [-insertICAPHeaders <string>] [-insertHTTPRequest <string>] [-reqTimeout <positive_integer>] [-reqTimeoutAction <reqTimeoutAction>] [-logAction <string>]

Arguments¶

name

Name for an ICAP profile. Must begin with a letter, number, or the underscore \(_\) character. Other characters allowed, after the first character, are the hyphen \(-\), period \(.\), hash \(\#\), space \( \), at \(@\), colon \(:\), and equal \(=\) characters. The name of a ICAP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks \(for example, "my icap profile" or 'my icap profile'\).

preview

Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

Possible values: ENABLED, DISABLED

Default value: DISABLED

previewLength

Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response.

Default value: 4096

Minimum value: 0

Maximum value: 4294967294

uri

URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader

ICAP Host Header

userAgent

ICAP User Agent Header String

Mode

ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

Possible values: REQMOD, RESPMOD

queryParams

Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add &separated values. e.g.: arg1=val1=val2.

connectionKeepAlive

If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

Possible values: ENABLED, DISABLED

Default value: ENABLED

allow204

Enable or Disable sending Allow: 204 header in ICAP request.

Possible values: ENABLED, DISABLED

insertICAPHeaders

Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client's IP address, the expression can be specified as "User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: "+CLIENT.IP.SRC+"\r\n".

The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest

Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used.

The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout

Time, in seconds, within which the remote service request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout.

Default value: 0

Minimum value: 0

Maximum value: 86400

reqTimeoutAction

Name of the action to perform if the Vserver/Server representing the remote service does not respond. There are also some built-in actions which can be used. These are:

BYPASS - ignore this remote service action and send the request as is.This is done by default.
RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
DROP - Drop the request without sending a response to the user.

Possible values: BYPASS, DROP, RESET

Default value: BYPASS

logAction

Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

Example¶

add icapprofile reqmod-profile-previewLen 1024-URI"/req_scan" -HostHeader"Webroot.reqsca" -UserAgen"NS SWG Proxy"

rm ns icapProfile¶

Removes an ICAP profile.

Synopsys¶

rm ns icapProfile <name>

Arguments¶

name

Name of the ICAP profile to be removed

Example¶

rm icapprofile <profile-name>

set ns icapProfile¶

Modifies the attributes of an ICAP profile

Synopsys¶

set ns icapProfile <name> [-preview ( ENABLED | DISABLED )] [-previewLength <positive_integer>] [-uri <string>] [-hostHeader <string>] [-userAgent <string>] [-Mode ( REQMOD | RESPMOD )] [-queryParams <string>] [-connectionKeepAlive ( ENABLED | DISABLED )] [-allow204 ( ENABLED | DISABLED )] [-insertICAPHeaders <string>] [-insertHTTPRequest <string>] [-reqTimeout <positive_integer>] [-reqTimeoutAction <reqTimeoutAction>] [-logAction <string>]

Arguments¶

name

Name for an ICAP profile. Must begin with a letter, number, or the underscore \(_\) character. Other characters allowed, after the first character, are the hyphen \(-\), period \(.\), hash \(\#\), space \( \), at \(@\), colon \(:\), and equal \(=\) characters. The name of a ICAP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks \(for example, "my icap profile" or 'my icap profile'\).

preview

Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

Possible values: ENABLED, DISABLED

Default value: DISABLED

previewLength

Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response.

Default value: 4096

Minimum value: 0

Maximum value: 4294967294

uri

URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader

ICAP Host Header

userAgent

ICAP User Agent Header String

Mode

ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

Possible values: REQMOD, RESPMOD

queryParams

Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add &separated values. e.g.: arg1=val1=val2.

connectionKeepAlive

If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

Possible values: ENABLED, DISABLED

Default value: ENABLED

allow204

Enable or Disable sending Allow: 204 header in ICAP request.

Possible values: ENABLED, DISABLED

Default value: ENABLED

insertICAPHeaders

Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client's IP address, the expression can be specified as "User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: "+CLIENT.IP.SRC+"\r\n".

The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest

Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used.

The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout

Time, in seconds, within which the remote service request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout.

Default value: 0

Minimum value: 0

Maximum value: 86400

reqTimeoutAction

Name of the action to perform if the Vserver/Server representing the remote service does not respond. There are also some built-in actions which can be used. These are:

BYPASS - ignore this remote service action and send the request as is.This is done by default.
RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
DROP - Drop the request without sending a response to the user.

Possible values: BYPASS, DROP, RESET

Default value: BYPASS

logAction

Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

Example¶

set icapprofile <profile-name> -preview ENABLED -previewLength 5066

unset ns icapProfile¶

Use this command to remove ns icapProfile settings.Refer to the set ns icapProfile command for meanings of the arguments.

Synopsys¶

unset ns icapProfile <name> [-preview] [-previewLength] [-hostHeader] [-userAgent] [-queryParams] [-connectionKeepAlive] [-allow204] [-insertICAPHeaders] [-insertHTTPRequest] [-reqTimeout] [-reqTimeoutAction] [-logAction]

show ns icapProfile¶

Displays ICAP profile/s configured on Citrix ADC

Synopsys¶

show ns icapProfile [<name>]

Arguments¶

name

Name of the ICAP profile to be displayed

Outputs¶

preview

Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

previewLength

Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response.

uri

URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader

ICAP Host Header

userAgent

ICAP User Agent Header String

Mode

ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

queryParams

Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add &separated values. e.g.: arg1=val1=val2.

connectionKeepAlive

If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

allow204

Enable or Disable sending Allow: 204 header in ICAP request.

insertICAPHeaders

Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client's IP address, the expression can be specified as "User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: "+CLIENT.IP.SRC+"\r\n".

The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest

Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used.

The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout

Time, in seconds, within which the remote service request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout.

reqTimeoutAction

Name of the action to perform if the Vserver/Server representing the remote service does not respond. There are also some built-in actions which can be used. These are:

BYPASS - ignore this remote service action and send the request as is.This is done by default.
RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
DROP - Drop the request without sending a response to the user.

logAction

Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

devno

count

stateflag

Example¶

show icapprofile [profile-name]