responder-policy¶
The following operations can be performed on "responder-policy":
add| rm| set| unset| show| rename| stat|
add responder policy¶
Creates a responder policy, which specifies requests that the Citrix ADC intercepts and responds to directly instead of forwarding them to a protected server.
Synopsis¶
add responder policy <name> <rule> <action> [<undefAction>] [-comment <string>] [-logAction <string>] [-appflowAction <string>]
Arguments¶
name
Name for the responder policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the responder policy is added.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my responder policy" or 'my responder policy').
rule
Expression that the policy uses to determine whether to respond to the specified request.
action
Name of the responder action to perform if the request matches this responder policy. There are also some built-in actions which can be used. These are: * NOOP - Send the request to the protected server instead of responding to it. * RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. * DROP - Drop the request without sending a response to the user.
undefAction
Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.
comment
Any type of information about this responder policy.
logAction
Name of the messagelog action to use for requests that match this policy.
appflowAction
AppFlow action to invoke for requests that match this policy.
Example¶
i) add responder policy pol9 "HTTP.REQ.HEADER(\"header\").CONTAINS(\"qh3\")" act_respondwith
rm responder policy¶
Removes the specified responder policy.
Synopsis¶
rm responder policy <name>
Arguments¶
name
Name of the responder policy to remove.
Example¶
rm responder policy pol9
set responder policy¶
Modifies the rule or action portion of the specified responder policy.
Synopsis¶
set responder policy <name> [-rule <expression>] [-action <string>] [-undefAction <string>] [-comment <string>] [-logAction <string>] [-appflowAction <string>]
Arguments¶
name
Name of the responder policy.
rule
Expression that the policy uses to determine whether to respond to the specified request.
action
Name of the responder action to perform if the request matches this responder policy. There are also some built-in actions which can be used. These are: * NOOP - Send the request to the protected server instead of responding to it. * RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. * DROP - Drop the request without sending a response to the user.
undefAction
Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.
comment
Any type of information about this responder policy.
logAction
Name of the messagelog action to use for requests that match this policy.
appflowAction
AppFlow action to invoke for requests that match this policy.
Example¶
set responder policy pol9 -rule "HTTP.REQ.HEADER(\"header\").CONTAINS(\"qh2\")"
unset responder policy¶
Removes the settings of an existing responder policy. Attributes for which a default value is available revert to their default values. See the set responder policy command for descriptions of the parameters..Refer to the set responder policy command for meanings of the arguments.
Synopsis¶
unset responder policy <name> [-undefAction] [-comment] [-logAction] [-appflowAction]
Example¶
unset responder policy respol9 -undefAction
show responder policy¶
Displays the current settings for the specified responder policy. If no policy name is specified, displays a list of all responder policies currently configured on the Citrix ADC, with abbreviated settings.
Synopsis¶
show responder policy [<name>] show responder policy stats - alias for 'stat responder policy'
Arguments¶
name
Name of the responder policy for which to display settings.
Output¶
stateflag
rule
Rule of the policy.
action
Responder action associated with the policy.
undefAction
UNDEF action associated with the policy.
hits
Number of hits.
undefHits
Number of policy UNDEF hits.
activePolicy
Indicates whether policy is bound or not.
boundTo
Location where policy is bound
priority
Specifies the priority of the policy.
gotoPriorityExpression
Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
labelType
Type of policy label invocation.
labelName
Name of the label to invoke if the current policy rule evaluates to TRUE.
comment
Any type of information about this responder policy.
logAction
Name of the messagelog action to use for requests that match this policy.
bindPolicyType
vserverType
appflowAction
AppFlow action to invoke for requests that match this policy.
builtin
Flag to determine if responder policy is built-in or not
feature
The feature to be checked while applying this config
type
devno
count
Example¶
show responder policy
rename responder policy¶
Renames the specified responder policy.
Synopsis¶
rename responder policy <name>@ <newName>@
Arguments¶
name
Existing name of the responder policy.
newName
New name for the responder policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my responder policy" or 'my responder policy').
Example¶
rename responder policy oldname newname
stat responder policy¶
Displays statistics for all responder policies currently configured on the Citrix ADC, or detailed statistics for the specified policy.
Synopsis¶
stat responder policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]
Arguments¶
name
Name of the responder policy for which to show detailed statistics.
detail
Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.
fullValues
Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated
ntimes
The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0
logFile
The name of the log file to be used as input.
clearstats
Clear the statsistics / counters
Possible values: basic, full
Output¶
count
devno
stateflag
Counters¶
Policy hits (Hits)
Number of hits on the policy
Policy undef hits (Undefhits)
Number of undef hits on the policy