ADC CLI Commands

authorization-policy

The following operations can be performed on “authorization-policy”:

rm rename show set add

rm authorization policy

Removes an authorization policy.

Synopsis

rm authorization policy <name>

Arguments

name Name of the authorization policy to be removed.

rename authorization policy

Renames an authorization policy.

Synopsis

rename authorization policy <name>@ <newName>@

Arguments

name The name of the authorization policy.

newName The new name of the authorization policy.

Example

rename authorization policy oldname newname

show authorization policy

Displays the current settings for the specified authorization policy. If no policy name is provided, displays a list of all authorization policies currently configured on the Citrix ADC.

Synopsis

show authorization policy [<name>]

Arguments

name Name of the authorization policy.

Output

rule Rule of the policy.

action Authorization action associated with the policy. It can be either ALLOW or DENY.

boundTo The name of the entity to which the policy is bound.

activePolicy Indicates whether the policy is bound or not.

priority

flag

bindPolicyType

policyType

vserverType

expressionType Type of policy (Classic/Advanced)

hits Number of hits.

type

devno

count

stateflag

set authorization policy

Configures the specified parameters of an authorization policy.

Synopsis

set authorization policy <name> [-rule <expression>] [-action <string>]

Arguments

name Name of the authorization policy to modify.

rule Name of the Citrix ADC named rule, or an expression, that the policy uses to perform the authentication.

action Action to perform if the policy matches: either allow or deny the request.

add authorization policy

Creates an authorization policy. Authorization policies allow AAA users and AAA groups to access resources through SSL VPN/AAA-TM enabled virtual servers.

Synopsis

add authorization policy <name> <rule> <action>

Arguments

name Name for the new authorization policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the authorization policy is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authorization policy" or 'my authorization policy').

rule Name of the Citrix ADC named rule, or an expression, that the policy uses to perform the authentication.

action Action to perform if the policy matches: either allow or deny the request.

Example

Consider the following authorization policy, “author-policy”:

add authorization policy author-policy "URL == /*.gif" DENY
bind aaa user foo -policy author-policy

If the user “foo” now logs in through the SSL VPN and requests anything other than a “.gif” resource, the rule evaluates to FALSE and the negation of DENY, that is, ALLOW, is applied. All of those resources are therefore implicitly allowed. If “foo” tries to access “abc.gif”, the access is denied.
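The following Python sketch is an added example, not Citrix code. It parses an `add authorization policy` line, checks the name against the naming rule above, and models the negation behaviour just described, so you can see which requests a lone DENY policy implicitly allows. Assumptions: only the `URL == <pattern>` rule form is handled, `*` is treated as a glob, and an unmatched ALLOW is assumed to negate to DENY by symmetry; the helper names and sample URLs are constructed.

```python
import re
import shlex
from fnmatch import fnmatchcase

# Name rule from the "add authorization policy" arguments (ASCII letters assumed).
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.#@=: -]*")

def parse_add(line):
    """Parse 'add authorization policy <name> <rule> <action>' into a dict."""
    tok = shlex.split(line)  # honours single or double quotes around name/rule
    if tok[:3] != ["add", "authorization", "policy"] or len(tok) != 6:
        raise ValueError("not an 'add authorization policy' command: " + line)
    name, rule, action = tok[3], tok[4], tok[5].upper()
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid policy name: " + repr(name))
    if action not in ("ALLOW", "DENY"):
        raise ValueError("action must be ALLOW or DENY")
    return {"name": name, "rule": rule, "action": action}

def rule_matches(rule, url):
    """Evaluate only the 'URL == <pattern>' form; '*' as a glob is an assumption."""
    m = re.fullmatch(r"URL\s*==\s*(\S+)", rule)
    if not m:
        raise ValueError("unsupported rule in this sketch: " + rule)
    return fnmatchcase(url, m.group(1))

def decide(policy, url):
    """Apply the action on a match, and its negation when the rule is FALSE."""
    if rule_matches(policy["rule"], url):
        return policy["action"]
    # Page states DENY negates to ALLOW; the reverse case is assumed symmetric.
    return "ALLOW" if policy["action"] == "DENY" else "DENY"

# Constructed sample: the policy from the example above plus made-up request URLs.
POLICY = parse_add('add authorization policy author-policy "URL == /*.gif" DENY')
SAMPLE_URLS = ["/abc.gif", "/index.html", "/admin/settings"]

def report():
    return {u: decide(POLICY, u) for u in SAMPLE_URLS}

if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:5} {url}")
```

Under these assumptions, every non-matching URL in the sample, including `/admin/settings`, comes back ALLOW, which is the implicit-allow effect to check for when reviewing DENY policies.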
