ADC CLI Commands

contentinspection-policy

The following operations can be performed on “contentinspection-policy”:

unset add show rm set rename stat

unset contentinspection policy

Removes the settings of an existing contentInspection policy. Attributes for which a default value is available revert to their default values. See the set contentInspection policy command for descriptions of the parameters..Refer to the set contentinspection policy command for meanings of the arguments.

Synopsis

unset contentinspection policy [-undefAction] [-comment] [-logAction]

Example

unset contentInspection policy pol9 -undefAction

add contentinspection policy

Creates a contentInspection policy, which specifies requests that the Citrix ADC intercepts and executes the specified action.

Synopsis

add contentinspection policy -rule -action [-undefAction ] [-comment ] [-logAction ]

Arguments

name Name for the contentInspection policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the contentInspection policy is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my contentInspection policy” or ‘my contentInspection policy’).

rule Expression that the policy uses to determine whether to execute the specified action.

action Name of the contentInspection action to perform if the request matches this contentInspection policy. There are also some built-in actions which can be used. These are: - NOINSPECTION - Send the request from the client to the server or response from the server to the client without sending it to Inspection device for Content Inspection. - RESET - Resets the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. - DROP - Drop the request without sending a response to the user.

undefAction Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment Any type of information about this contentInspection policy.

logAction Name of the messagelog action to use for requests that match this policy.

Example

i) add contentInspection policy pol9 -rule “HTTP.REQ.URL.URL_CATEGORIZE(0,0).CATEGORY.EQ(\“Malware\”)” -action AV_ACTION

show contentinspection policy

Displays the current settings for the specified contentInspection policy. If no policy name is specified, displays a list of all contentInspection policies currently configured on the Citrix ADC, with abbreviated settings.

Synopsis

show contentinspection policy [] show contentinspection policy stats - alias for 'stat contentinspection policy'

Arguments

name Name of the contentInspection policy for which to display settings.

Output

stateflag rule Rule of the policy.

action CI action associated with the policy.

undefAction UNDEF action associated with the policy.

hits Number of hits.

undefHits Number of policy UNDEF hits.

activePolicy Indicates whether policy is bound or not.

boundTo Location where policy is bound

priority Specifies the priority of the policy.

gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

labelType Type of policy label invocation.

labelName Name of the label to invoke if the current policy rule evaluates to TRUE.

comment Any type of information about this contentInspection policy.

logAction Name of the messagelog action to use for requests that match this policy.

bindPolicyType vserverType builtin Flag to determine if contentInspection policy is built-in or not

feature The feature to be checked while applying this config

type devno count

Example

show contentInspection policy

rm contentinspection policy

Removes the specified contentInspection policy.

Synopsis

rm contentinspection policy

Arguments

name Name of the contentInspection policy to remove.

Example

rm contentInspection policy pol9

set contentinspection policy

Modifies the rule, action or comment portion of the specified contentInspection policy.

Synopsis

set contentinspection policy [-rule ] [-action ] [-undefAction ] [-comment ] [-logAction ]

Arguments

name Name of the contentInspection policy.

rule Expression that the policy uses to determine whether to execute the specified action.

action Name of the contentInspection action to perform if the request matches this contentInspection policy. There are also some built-in actions which can be used. These are: - NOINSPECTION - Send the request from the client to the server or response from the server to the client without sending it to Inspection device for Content Inspection. - RESET - Resets the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. - DROP - Drop the request without sending a response to the user.

undefAction Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment Any type of information about this contentInspection policy.

logAction Name of the messagelog action to use for requests that match this policy.

Example

set contentInspection policy pol9 -rule “HTTP.REQ.HEADER(\“header\”).CONTAINS(\“qh2\”)”

rename contentinspection policy

Renames the specified contentInspection policy.

Synopsis

rename contentinspection policy @ @

Arguments

name Existing name of the contentInspection policy.

newName New name for the contentInspection policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my contentInspection policy” or ‘my contentInspection policy’).

Example

rename contentInspection policy oldname newname

stat contentinspection policy

Displays statistics for all contentInspection policies currently configured on the Citrix ADC, or detailed statistics for the specified policy.

Synopsis

stat contentinspection policy [] \[-detail] \[-fullValues] \[-ntimes <positive\_integer>] \[-logFile <input\_filename>] \[-clearstats \( basic | full )]

Arguments

name Name of the contentInspection policy for which to show detailed statistics.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

count devno stateflag

Counters

Policy hits (Hits) Number of hits on the policy

Policy undef hits (Undefhits) Number of undef hits on the policy

contentinspection-policy