Posted in : NetScaler By Simon Gottschlag Translate with Google ⟶
6 years ago
I’ve been using a few different ways of matching paths in pattern sets, and in the beginning I used two different (one for equals and one for starts with) – but after a few rounds with both customers and Citrix we’ve come up with a really simple way of matching paths in a way that makes it easy to work with. Let’s call it more future proof than other ways I’ve done it before.
The main issue was before that if I created an expression to match a path that starts with for example ”/api/v1/resources/” it didn’t match ”/api/v1/resources?query=value” and if I used start with ”/api/v1/resources” it would also match ”/api/v1/resources-dynamic”. I started out using two different pattern sets and expressions (one for equals and one for starts with) but that became a hassle when it started growing. After bouncing this with Citrix we came up with the following which works like a charm:
add policy patset PATSET_IC_WEBAPP bind policy patset PATSET_IC_WEBAPP "/api/v1/resources" -index 1 -charset ASCII bind policy patset PATSET_IC_WEBAPP "/api/v1/static" -index 2 -charset ASCII bind policy patset PATSET_IC_WEBAPP "/api/v1/misc" -index 3 -charset ASCII bind policy patset PATSET_IC_WEBAPP "/static/social/facebook.json" -index 4 -charset ASCII bind policy patset PATSET_IC_WEBAPP "/static/media/logo.jpg" -index 5 -charset ASCII add policy expression EXP_ADV_IC_WEBAPP "HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQUALS_ANY(\"PATSET_IC_WEBAPP\") || HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).AFTER_STR_ANY(\"PATSET_IC_WEBAPP\").STARTSWITH(\"/\")"
In this case, it was the AFTER_STR_ANY(”PATSET_IC_WEBAPP”).STARTSWITH(”/”) that actually appends a / to the end when matching the startswith – making sure that we never check /api/v1/resources with starts with but instead using /api/v1/resources/ but not having to write the last slash in the pattern set.
The above example is used with integrated caching to match specific resources to cache, but this can be used together with responders to allow or deny traffic to paths as well – your imagination is the limit.
Do you know of any other ways of solving this? Please share!
Tags : Expressions, Integrated Caching, NetScaler, Pattern Sets
Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.
Hi, great little trick!
Would love to use this instead of separate pattern sets. However one thing I'm missing is the ability to temporarily allow all traffic. (using a separate "StartsWith" pattern set , you could add "/" to allow all. )