This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
filter-policy
The following operations can be performed on “filter-policy”:
set filter policy
Modifies a filter policy.
Synopsis
set filter policy
Arguments
name Name of the filter policy to be modified.
rule Citrix ADC classic expression specifying the type of connections that match this policy.
reqAction Name of the action to be performed on requests that match the policy. Cannot be specified if the rule includes condition to be evaluated for responses.
resAction The action to be performed on the response. The string value can be a filter action created filter action or a built-in action.
Example
Example 1: A filter policy to allow access of URL /foo/secure.asp only from 65.186.55.0 network can be created using below command: add filter policy url_filter -rule “URL == /foo/secure.asp && SOURCEIP != 65.186.55.0 -netmask 255.255.255.0” -reqAction RESET This policy is activated using: bind filter global url_filter
Later, to allow access of this url from second network 65.202.35.0 too, above filter policy can be changed by issuing below command: set filter policy url_filter -rule “URL == /foo/secure.asp && SOURCEIP != 65.186.55.0 -netmask 255.255.255.0 && SOURCEIP != 65.202.35.0 -netmask 255.255.255.0”
Changed filter policy can be viewed by using following command: show filter policy url_filter Name: url_filter Rule: (URL == /foo/secure.asp && (SOURCEIP != 65.186.55.0 -netmask 255.255.255.0 && SOURCEIP != 65.202.35.0 -netmask 255.255.255.0)) Request action: RESET Response action: Hits: 0 Done
show filter policy
Displays information about the filter policies.
Synopsis
show filter policy [
Arguments
name Name of the filter policy to be displayed. If a name is not provided, information about all the filter policies is shown.
Output
rule Citrix ADC classic expression specifying the type of connections that match this policy.
reqAction The name of the action to be performed on the request.
resAction The action to be performed on the response.
hits boundTo The entity name to which policy is bound
activePolicy priority bindPolicyType policyType devno count stateflag
Example
show filter policy 1) Name: nimda_filter Rule: (URL CONTAINS root.exe || URL CONTAINS cmd.exe) Request action: RESET Response action: Hits: 0 2) Name: ip_filter Rule: (src_ips && URL == /admin/account.asp) Request action: RESET Response action: Hits: 0 Done
Individual filter policy can also be viewed by giving filter policy name as argument: show filter policy ip_filter Name: ip_filter Rule: (src_ips && URL == /admin/account.asp) Request action: RESET Response action: Hits: 0 Done
add filter policy
Creates a content filtering policy.
Synopsis
add filter policy
Arguments
name Name for the filtering action. Must begin with a letter, number, or the underscore character (_). Other characters allowed, after the first character, are the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), and colon (:) characters. Choose a name that helps identify the type of action. The name cannot be updated after the policy is created.
CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my policy” or ‘my policy’).
rule Citrix ADC classic expression specifying the type of connections that match this policy.
reqAction Name of the action to be performed on requests that match the policy. Cannot be specified if the rule includes condition to be evaluated for responses.
resAction The action to be performed on the response. The string value can be a filter action created filter action or a built-in action.
Example
Example 1: add policy expression e1 “sourceip == 66.33.22.0 -netmask 255.255.255.0” add policy expression e2 “URL == /admin/account.asp” add filter policy ip_filter -rule “e1 && e2” -reqAction RESET After creating above filter policy, it can be activated by binding it globally: bind filter global ip_filter
With the configured ip_filter (name of the filter policy), the Citrix ADC system sends a TCP reset to all HTTP requests for the /admin/account.asp URL from 66.33.22.0 Class C network. This action is applied at the HTTP request time.
Example 2: To silently drop (without sending FIN) all the HTTP requests in which the URL has root.exe or cmd.exe, below filter policy can be configured: add filter policy nimda_filter -rule "URL contains root.exe || URL contains cmd.exe" -reqAction DROP bind filter global nimda_filter
Example 3: add filter policy url_filter -rule “url == /foo/secure.asp && SOURCEIP != 65.186.55.0 -netmask 255.255.255.0 && SOURCEIP != 65.202.35.0 -netmask 255.255.255.0” -reqaction RESET bind filter global url_filter
With the above configured filter policy named url_filter, the Citrix ADC system sends RESET to all HTTP requests for the URL /foo/secure.asp from all the networks except from 65.186.55.0 and 65.202.35.0 Class C networks. This action is applied at the HTTP request time.
Note: In above examples, the RESET and DROP are built-in actions in the Citrix ADC system.
“show filter action” and “show filter policy” CLI commands show the configured filter actions and policies in Citrix ADC system respectively. “show filter global” command shows all the globallyactive filter policies.
rm filter policy
Removes a filter policy.
Synopsis
rm filter policy
Arguments
name Name of the filter policy to be removed.
Example
rm filter policy filter_policy_name The “show filter policy” command shows all filter policies that are currently defined.
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.