Posted in : NetScaler Av Simon Gottschlag Översätt med Google ⟶

7 years ago

I’ve been using a few different ways of matching paths in pattern sets, and in the beginning I used two different (one for equals and one for starts with) – but after a few rounds with both customers and Citrix we’ve come up with a really simple way of matching paths in a way that makes it easy to work with. Let’s call it more future proof than other ways I’ve done it before.
The main issue was before that if I created an expression to match a path that starts with for example ”/api/v1/resources/” it didn’t match ”/api/v1/resources?query=value” and if I used start with ”/api/v1/resources” it would also match ”/api/v1/resources-dynamic”. I started out using two different pattern sets and expressions (one for equals and one for starts with) but that became a hassle when it started growing. After bouncing this with Citrix we came up with the following which works like a charm:

add policy patset PATSET_IC_WEBAPP
bind policy patset PATSET_IC_WEBAPP "/api/v1/resources" -index 1 -charset ASCII
bind policy patset PATSET_IC_WEBAPP "/api/v1/static" -index 2 -charset ASCII
bind policy patset PATSET_IC_WEBAPP "/api/v1/misc" -index 3 -charset ASCII
bind policy patset PATSET_IC_WEBAPP "/static/social/facebook.json" -index 4 -charset ASCII
bind policy patset PATSET_IC_WEBAPP "/static/media/logo.jpg" -index 5 -charset ASCII
add policy expression EXP_ADV_IC_WEBAPP "HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQUALS_ANY(\"PATSET_IC_WEBAPP\") || HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).AFTER_STR_ANY(\"PATSET_IC_WEBAPP\").STARTSWITH(\"/\")"

In this case, it was the AFTER_STR_ANY(”PATSET_IC_WEBAPP”).STARTSWITH(”/”) that actually appends a / to the end when matching the startswith – making sure that we never check /api/v1/resources with starts with but instead using /api/v1/resources/ but not having to write the last slash in the pattern set.
The above example is used with integrated caching to match specific resources to cache, but this can be used together with responders to allow or deny traffic to paths as well – your imagination is the limit.
Do you know of any other ways of solving this? Please share!

Tags : Expressions, Integrated Caching, NetScaler, Pattern Sets

Personlig rådgivning

Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.

Comments

vandebergh says

Hi, great little trick!
Would love to use this instead of separate pattern sets. However one thing I'm missing is the ability to temporarily allow all traffic. (using a separate "StartsWith" pattern set , you could add "/" to allow all. )

Add comment

Your comment will be revised by the site if needed.