ssl-policy

The following operations can be performed on "ssl-policy":

add | rm | set | unset | show

add ssl policy

Adds an SSL policy. An SSL policy evaluates incoming traffic and applies a predefined action to requests that match a rule (expression). You have to configure the actions before creating the policies, so that you can specify an action when you create a policy.

Synopsis

add ssl policy <name> -rule <expression> [-action <string>] [-undefAction <string>] [-comment <string>]

Arguments

name

Name for the new SSL policy. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the policy is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').

rule

Expression against which traffic is evaluated.

The following requirements apply only to the Citrix ADC CLI:

* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
* If the expression itself includes double quotation marks, escape the quotation marks by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action

Name of the built-in or user-defined action to perform on the request. Available built-in actions are NOOP, RESET, DROP, CLIENTAUTH, NOCLIENTAUTH, INTERCEPT, and BYPASS.

undefAction

Name of the action to be performed when the result of rule evaluation is undefined. Possible values for control policies: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, DROP. Possible values for data policies: NOOP, RESET, DROP, and BYPASS.

comment

Any comments associated with this policy.

Example

add ssl action certInsert_act -clientCert ENABLED -certHeader CERT

add ssl policy certInsert_pol -rule 'HTTP.REQ.URL.STARTSWITH("/secure/")' -reqAction certInsert_act

The above example adds an SSL policy that inserts the client certificate into HTTP requests for any web objects under /secure/.
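
The naming and quoting rules above, applied in an added example (not part of the Citrix documentation): a Python helper that builds an add ssl policy line and rejects input that breaks those rules before it reaches the CLI. The function names, the kind, user_actions and prefer_single parameters, and the rejection of backslashes and control characters are assumptions of this example.

```python
import re

# "name" argument rule: starts with ASCII alphanumeric or underscore, then only
# alphanumeric, _ # . space : @ = - characters.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_#. :@=-]*")
BUILTIN_ACTIONS = {"NOOP", "RESET", "DROP", "CLIENTAUTH", "NOCLIENTAUTH",
                   "INTERCEPT", "BYPASS"}
UNDEF_ACTIONS = {  # allowed -undefAction values per policy kind, as listed above
    "control": {"CLIENTAUTH", "NOCLIENTAUTH", "NOOP", "RESET", "DROP"},
    "data": {"NOOP", "RESET", "DROP", "BYPASS"},
}


def quote_name(name):
    """Validate a name and quote it if it contains spaces."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid name: {name!r}")
    return f'"{name}"' if " " in name else name


def quote_rule(rule, prefer_single=True):
    """Quote a rule expression for the CLI using the documented rules."""
    # Assumption: backslashes and control characters are rejected, because the
    # page does not say how the CLI treats them inside an expression.
    if not rule or "\\" in rule or any(ord(c) < 0x20 or ord(c) == 0x7F for c in rule):
        raise ValueError("unsupported character in rule")
    if prefer_single and "'" not in rule:
        return f"'{rule}'"  # double quotes inside need no escaping
    return '"' + rule.replace('"', '\\"') + '"'


def add_ssl_policy(name, rule, action=None, undef_action=None,
                   kind="control", user_actions=(), prefer_single=True):
    """Return one 'add ssl policy' line, or raise ValueError on bad input."""
    parts = ["add ssl policy", quote_name(name), "-rule",
             quote_rule(rule, prefer_single)]
    if action is not None:
        # Actions must exist before the policy that references them.
        if action not in BUILTIN_ACTIONS and action not in user_actions:
            raise ValueError(f"unknown action: {action!r}")
        # Assumption: action names follow the same character rule as policy names.
        parts += ["-action", quote_name(action)]
    if undef_action is not None:
        if undef_action not in UNDEF_ACTIONS[kind]:
            raise ValueError(f"{undef_action!r} not allowed for {kind} policies")
        parts += ["-undefAction", undef_action]
    return " ".join(parts)
```

Pass the set of actions already configured on the appliance as user_actions so that a policy is never generated for an action that does not exist yet.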

rm ssl policy

Removes an SSL policy.

Synopsis

rm ssl policy <name>

Arguments

name

Name of the SSL policy to be removed.

Example

rm ssl policy certInsert_pol

set ssl policy

Modifies the parameters of an SSL policy.

Synopsis

set ssl policy <name> [-rule <expression>] [-action <string>] [-undefAction <string>] [-comment <string>]

Arguments

name

Name of the SSL policy to modify.

rule

Expression against which traffic is evaluated.

The following requirements apply only to the Citrix ADC CLI:

* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
* If the expression itself includes double quotation marks, escape the quotation marks by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action

Name of the built-in or user-defined action to perform on the request. Available built-in actions are NOOP, RESET, DROP, CLIENTAUTH, NOCLIENTAUTH, INTERCEPT, and BYPASS.

undefAction

Name of the action to be performed when the result of rule evaluation is undefined. Possible values for control policies: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, DROP. Possible values for data policies: NOOP, RESET, DROP, and BYPASS.

comment

Any comments associated with this policy.

Example

set ssl policy pol1 -rule "HTTP.REQ.HEADER(\"header\").CONTAINS(\"qh2\")"

unset ssl policy

Removes the attributes of an SSL policy. Attributes for which a default value is available revert to their default values. Refer to the set ssl policy command for a description of the parameters.

Synopsis

unset ssl policy <name> [-undefAction] [-comment]

Example

unset ssl policy pol1 -undefAction

show ssl policy

Displays information about all the SSL policies configured on the appliance, or displays detailed information about the specified SSL policy.

Synopsis

show ssl policy [<name>]

Arguments

name

Name of the SSL policy for which to display detailed information.

Output

stateflag

rule

The expression that sets the condition for application of the SSL policy.

action

The name of the action to be performed on the request.

undefAction

Undef Action associated with the policy.

hits

Number of hits for this policy.

piHits

Number of hits.

undefHits

Number of Undef hits.

activePolicy

boundTo

The name of the entity to which the policy is bound.

priority

gotoPriorityExpression

Expression specifying the priority of the next policy to be evaluated if the current policy rule evaluates to TRUE.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

description

Description of the policy.

comment

Any comments associated with this policy.

bindPolicyType

vserverType

policyType

peFlags

type

builtin

Flag that indicates whether the SSL policy is built-in.

feature

The feature to be checked while applying this configuration.

devno

count

Example

show ssl policy

1 SSL policy:
1) Name: certInsert_pol Rule: URL == /* Action: certInsert_act Hits: 0