ADC CLI Commands

ns-icapProfile

The following operations can be performed on “ns-icapProfile”:

add ns icapProfile

Adds an ICAP profile to the Citrix ADC.

Synopsis

add ns icapProfile \[-preview \( ENABLED | DISABLED )] \[-previewLength <positive\_integer>] -uri \[-hostHeader ] \[-userAgent ] -Mode \( REQMOD | RESPMOD ) \[-queryParams ] \[-connectionKeepAlive \( ENABLED | DISABLED )] \[-allow204 \( ENABLED | DISABLED )] \[-insertICAPHeaders ] \[-insertHTTPRequest ] \[-reqTimeout <positive\_integer>] \[-reqTimeoutAction ] \[-logAction ]

Arguments

name Name for an ICAP profile. Must begin with a letter, number, or the underscore (_) character. Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), colon (:), and equal (=) characters. The name of a ICAP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my icap profile” or ‘my icap profile’).

preview Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

Possible values: ENABLED, DISABLED Default value: DISABLED

previewLength Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response. Default value: 4096 Minimum value: 0 Maximum value: 4294967294

uri URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader ICAP Host Header

userAgent ICAP User Agent Header String

Mode ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

Possible values: REQMOD, RESPMOD

queryParams Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add & separated values. e.g.: arg1=val1&arg2=val2.

connectionKeepAlive If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

Possible values: ENABLED, DISABLED Default value: ENABLED

allow204 Enable or Disable sending Allow: 204 header in ICAP request.

Possible values: ENABLED, DISABLED Default value: ENABLED

insertICAPHeaders Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client’s IP address, the expression can be specified as “User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: “+CLIENT.IP.SRC+”\r\n”. The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used. The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout Time, in seconds, within which the remote server should respond to the ICAP-request. If the Netscaler does not receive full response with this time, the specified request timeout action is performed. Zero value disables this timeout functionality. Default value: 0 Minimum value: 0 Maximum value: 86400

reqTimeoutAction Name of the action to perform if the Vserver/Server representing the remote service does not respond with any response within the timeout value configured. The Supported actions are

  • BYPASS - This Ignores the remote server response and sends the request/response to Client/Server. * If the ICAP response with Encapsulated headers is not received within the request-timeout value configured, this Ignores the remote ICAP server response and sends the Full request/response to Server/Client.
  • RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
  • DROP - Drop the request without sending a response to the user.

Possible values: BYPASS, DROP, RESET Default value: RESET

logAction Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

Example

add icapprofile reqmod-profile-previewLen 1024-URI”/req_scan” -HostHeader”Webroot.reqsca” -UserAgen”NS SWG Proxy”

unset ns icapProfile

Use this command to remove ns icapProfile settings.Refer to the set ns icapProfile command for meanings of the arguments.

Synopsis

unset ns icapProfile [-preview] [-previewLength] [-hostHeader] [-userAgent] [-queryParams] [-connectionKeepAlive] [-allow204] [-insertICAPHeaders] [-insertHTTPRequest] [-reqTimeout] [-reqTimeoutAction] [-logAction]

rm ns icapProfile

Removes an ICAP profile.

Synopsis

rm ns icapProfile

Arguments

name Name of the ICAP profile to be removed

Example

rm icapprofile

set ns icapProfile

Modifies the attributes of an ICAP profile

Synopsis

set ns icapProfile \[-preview \( ENABLED | DISABLED )] \[-previewLength <positive\_integer>] \[-uri ] \[-hostHeader ] \[-userAgent ] \[-Mode \( REQMOD | RESPMOD )] \[-queryParams ] \[-connectionKeepAlive \( ENABLED | DISABLED )] \[-allow204 \( ENABLED | DISABLED )] \[-insertICAPHeaders ] \[-insertHTTPRequest ] \[-reqTimeout <positive\_integer>] \[-reqTimeoutAction ] \[-logAction ]

Arguments

name Name for an ICAP profile. Must begin with a letter, number, or the underscore (_) character. Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), colon (:), and equal (=) characters. The name of a ICAP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my icap profile” or ‘my icap profile’).

preview Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

Possible values: ENABLED, DISABLED Default value: DISABLED

previewLength Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response. Default value: 4096 Minimum value: 0 Maximum value: 4294967294

uri URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader ICAP Host Header

userAgent ICAP User Agent Header String

Mode ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

Possible values: REQMOD, RESPMOD

queryParams Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add & separated values. e.g.: arg1=val1&arg2=val2.

connectionKeepAlive If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

Possible values: ENABLED, DISABLED Default value: ENABLED

allow204 Enable or Disable sending Allow: 204 header in ICAP request.

Possible values: ENABLED, DISABLED Default value: ENABLED

insertICAPHeaders Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client’s IP address, the expression can be specified as “User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: “+CLIENT.IP.SRC+”\r\n”. The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used. The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout Time, in seconds, within which the remote server should respond to the ICAP-request. If the Netscaler does not receive full response with this time, the specified request timeout action is performed. Zero value disables this timeout functionality. Default value: 0 Minimum value: 0 Maximum value: 86400

reqTimeoutAction Name of the action to perform if the Vserver/Server representing the remote service does not respond with any response within the timeout value configured. The Supported actions are

  • BYPASS - This Ignores the remote server response and sends the request/response to Client/Server. * If the ICAP response with Encapsulated headers is not received within the request-timeout value configured, this Ignores the remote ICAP server response and sends the Full request/response to Server/Client.
  • RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
  • DROP - Drop the request without sending a response to the user.

Possible values: BYPASS, DROP, RESET Default value: RESET

logAction Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

Example

set icapprofile -preview ENABLED -previewLength 5066

show ns icapProfile

Displays ICAP profile/s configured on Citrix ADC

Synopsis

show ns icapProfile []

Arguments

name Name of the ICAP profile to be displayed

Output

preview Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.

previewLength Value of Preview Header field. Citrix ADC uses the minimum of this set value and the preview size received on OPTIONS response.

uri URI representing icap service. It is a mandatory argument while creating an icapprofile.

hostHeader ICAP Host Header

userAgent ICAP User Agent Header String

Mode ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.

queryParams Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add & separated values. e.g.: arg1=val1&arg2=val2.

connectionKeepAlive If enabled, Citrix ADC keeps the ICAP connection alive after a transaction to reuse it to send next ICAP request.

allow204 Enable or Disable sending Allow: 204 header in ICAP request.

insertICAPHeaders Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client’s IP address, the expression can be specified as “User-Agent: NS-ICAP-Client/V1.0\r\nX-Client-IP: “+CLIENT.IP.SRC+”\r\n”. The Citrix ADC does not check the validity of the specified header name-value. You must manually validate the specified header syntax.

insertHTTPRequest Exact HTTP request, in the form of an expression, which the Citrix ADC encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used. The Citrix ADC does not check the validity of this request. You must manually validate the request.

reqTimeout Time, in seconds, within which the remote server should respond to the ICAP-request. If the Netscaler does not receive full response with this time, the specified request timeout action is performed. Zero value disables this timeout functionality.

reqTimeoutAction Name of the action to perform if the Vserver/Server representing the remote service does not respond with any response within the timeout value configured. The Supported actions are

  • BYPASS - This Ignores the remote server response and sends the request/response to Client/Server. * If the ICAP response with Encapsulated headers is not received within the request-timeout value configured, this Ignores the remote ICAP server response and sends the Full request/response to Server/Client.
  • RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.
  • DROP - Drop the request without sending a response to the user.

logAction Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs.

devno count stateflag

Example

show icapprofile [profile-name]

ns-icapProfile