ADC CLI Commands

ns-httpProfile

The following operations can be performed on “ns-httpProfile”:

unset set rm add show

unset ns httpProfile

Removes the attributes of the HTTP profile. Attributes for which a default value is available revert to their default values. Refer to the ‘set ns httpProfile’ command for a description of the parameters..Refer to the set ns httpProfile command for meanings of the arguments.

Synopsis

unset ns httpProfile [-dropInvalReqs] [-markHttp09Inval] [-markConnReqInval] [-markTraceReqInval] [-markRfc7230NonCompliantInval] [-markHTTPHeaderExtraWSError] [-cmpOnPush] [-conMultiplex] [-maxReusePool] [-dropExtraCRLF] [-incompHdrDelay] [-webSocket] [-dropExtraData] [-clientIpHdrExpr] [-reqTimeout] [-adptTimeout] [-reqTimeoutAction] [-webLog] [-maxReq] [-persistentETag] [-http2] [-http2MaxHeaderListSize] [-http2MaxFrameSize] [-http2MaxConcurrentStreams] [-http2InitialWindowSize] [-http2HeaderTableSize] [-http2MinSeverConn] [-http2MaxPingFramesPerMin] [-http2MaxSettingsFramesPerMin] [-http2MaxResetFramesPerMin] [-http2MaxEmptyFramesPerMin] [-http2MaxRxResetFramesPerMin] [-http2AltSvcFrame] [-altSvcValue] [-reusePoolTimeout] [-maxHeaderLen] [-rtspTunnel] [-minReUsePool] [-apdexCltRespTimeThreshold] [-http3] [-http3MaxHeaderFieldSectionSize] [-http3MaxHeaderTableSize] [-http3MaxHeaderBlockedStreams] [-http3WebTransport] [-httppipelinebuffsize] [-allowOnlyWordCharactersAndHyphen] [-hostHeaderValidation] [-passProtocolUpgrade] [-http2Direct] [-http2StrictCipher] [-altsvc] [-http2InitialConnWindowSize] [-grpcHoldLimit] [-grpcHoldTimeout] [-grpcLengthDelimitation] [-maxHeaderFieldLen]

set ns httpProfile

Modifies the attributes of an HTTP profile.

Synopsis

set ns httpProfile \[-dropInvalReqs \( ENABLED | DISABLED )] \[-markHttp09Inval \( ENABLED | DISABLED )] \[-markConnReqInval \( ENABLED | DISABLED )] \[-markTraceReqInval \( ENABLED | DISABLED )] \[-markRfc7230NonCompliantInval \( ENABLED | DISABLED )] \[-markHTTPHeaderExtraWSError \( ENABLED | DISABLED )] \[-cmpOnPush \( ENABLED | DISABLED )] \[-conMultiplex \( ENABLED | DISABLED )] \[-maxReusePool <positive\_integer>] \[-dropExtraCRLF \( ENABLED | DISABLED )] \[-incompHdrDelay <positive\_integer>] \[-webSocket \( ENABLED | DISABLED )] \[-rtspTunnel \( ENABLED | DISABLED )] \[-reqTimeout <positive\_integer>] \[-adptTimeout \( ENABLED | DISABLED )] \[-reqTimeoutAction ] \[-dropExtraData \( ENABLED | DISABLED )] \[-webLog \( ENABLED | DISABLED )] \[-clientIpHdrExpr ] \[-maxReq <positive\_integer>] \[-persistentETag \( ENABLED | DISABLED )] \[-http2 \( ENABLED | DISABLED )] \[-http2Direct \( ENABLED | DISABLED )] \[-http2StrictCipher \( ENABLED | DISABLED )] \[-http2AltSvcFrame \( ENABLED | DISABLED )] \[-altsvc \( ENABLED | DISABLED )] \[-altSvcValue ] \[-http2MaxHeaderListSize <positive\_integer>] \[-http2MaxFrameSize <positive\_integer>] \[-http2MaxConcurrentStreams <positive\_integer>] \[-http2InitialConnWindowSize <positive\_integer>] \[-http2InitialWindowSize <positive\_integer>] \[-http2HeaderTableSize <positive\_integer>] \[-http2MinSeverConn <positive\_integer>] \[-http2MaxPingFramesPerMin <positive\_integer>] \[-http2MaxSettingsFramesPerMin <positive\_integer>] \[-http2MaxResetFramesPerMin <positive\_integer>] \[-http2MaxEmptyFramesPerMin <positive\_integer>] \[-http2MaxRxResetFramesPerMin <positive\_integer>] \[-grpcHoldLimit <positive\_integer>] \[-grpcHoldTimeout <positive\_integer>] \[-grpcLengthDelimitation \( ENABLED | DISABLED )] \[-reusePoolTimeout <positive\_integer>] \[-maxHeaderLen <positive\_integer>] \[-maxHeaderFieldLen <positive\_integer>] \[-minReUsePool <positive\_integer>] \[-apdexCltRespTimeThreshold <positive\_integer>] \[-http3 \( ENABLED | DISABLED )] \[-http3MaxHeaderFieldSectionSize <positive\_integer>] \[-http3MaxHeaderTableSize <positive\_integer>] \[-http3MaxHeaderBlockedStreams <positive\_integer>] \[-http3WebTransport \( ENABLED | DISABLED )] \[-httppipelinebuffsize <positive\_integer>] \[-allowOnlyWordCharactersAndHyphen \( ENABLED | DISABLED )] \[-hostHeaderValidation \( ENABLED | DISABLED )] \[-passProtocolUpgrade \( ENABLED | DISABLED )]

Arguments

name Name of the HTTP profile to be modified.

dropInvalReqs Drop invalid HTTP requests or responses.

Possible values: ENABLED, DISABLED Default value: DISABLED

markHttp09Inval Mark HTTP/0.9 requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markConnReqInval Mark CONNECT requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markTraceReqInval Mark TRACE requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markRfc7230NonCompliantInval Mark RFC7230 non-compliant transaction as invalid

Possible values: ENABLED, DISABLED Default value: DISABLED

markHTTPHeaderExtraWSError Mark Http header with extra white space as invalid

Possible values: ENABLED, DISABLED Default value: DISABLED

cmpOnPush Start data compression on receiving a TCP packet with PUSH flag set.

Possible values: ENABLED, DISABLED Default value: DISABLED

conMultiplex Reuse server connections for requests from more than one client connections.

Possible values: ENABLED, DISABLED Default value: ENABLED

maxReusePool Maximum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size. If non-zero value is given, it has to be greater than or equal to the number of running Packet Engines. Default value: 0 Minimum value: 0 Maximum value: 360000

dropExtraCRLF Drop any extra ‘CR’ and ‘LF’ characters present after the header.

Possible values: ENABLED, DISABLED Default value: ENABLED

incompHdrDelay Maximum time to wait, in milliseconds, between incomplete header packets. If the header packets take longer to arrive at Citrix ADC, the connection is silently dropped. Default value: 7000 Minimum value: 1 Maximum value: 360000

webSocket HTTP connection to be upgraded to a web socket connection. Once upgraded, Citrix ADC does not process Layer 7 traffic on this connection.

Possible values: ENABLED, DISABLED Default value: DISABLED

rtspTunnel Allow RTSP tunnel in HTTP. Once application/x-rtsp-tunnelled is seen in Accept or Content-Type header, Citrix ADC does not process Layer 7 traffic on this connection.

Possible values: ENABLED, DISABLED Default value: DISABLED

reqTimeout Time, in seconds, within which the HTTP request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout. Default value: 0 Minimum value: 0 Maximum value: 86400

adptTimeout Adapts the configured request timeout based on flow conditions. The timeout is increased or decreased internally and applied on the flow.

Possible values: ENABLED, DISABLED Default value: DISABLED

reqTimeoutAction Action to take when the HTTP request does not complete within the specified request timeout duration. You can configure the following actions:

  • RESET - Send RST (reset) to client when timeout occurs.
  • DROP - Drop silently when timeout occurs.
  • Custom responder action - Name of the responder action to trigger when timeout occurs, used to send custom message.

dropExtraData Drop any extra data when server sends more data than the specified content-length.

Possible values: ENABLED, DISABLED Default value: DISABLED

webLog Enable or disable web logging.

Possible values: ENABLED, DISABLED Default value: ENABLED

clientIpHdrExpr Name of the header that contains the real client IP address.

maxReq Maximum number of requests allowed on a single connection. Zero implies no limit on the number of requests. Default value: 0 Minimum value: 0 Maximum value: 65534

persistentETag Generate the persistent Citrix ADC specific ETag for the HTTP response with ETag header.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2 Choose whether to enable support for HTTP/2.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2Direct Choose whether to enable support for Direct HTTP/2.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2StrictCipher Choose whether to enable strict HTTP/2 cipher selection

Possible values: ENABLED, DISABLED Default value: ENABLED

http2AltSvcFrame Choose whether to enable support for sending HTTP/2 ALTSVC frames. When enabled, the ADC sends HTTP/2 ALTSVC frames to HTTP/2 clients, instead of the Alt-Svc response header field. Not applicable to servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

altsvc Choose whether to enable support for Alternative Services.

Possible values: ENABLED, DISABLED Default value: DISABLED

altSvcValue Configure a custom Alternative Services header value that should be inserted in the response to advertise a HTTP/SSL/HTTP_QUIC vserver.

http2MaxHeaderListSize Maximum size of header list that the Citrix ADC is prepared to accept, in bytes. NOTE: The actual plain text header size that the Citrix ADC accepts is limited by maxHeaderLen. Please change maxHeaderLen parameter as well when modifying http2MaxHeaderListSize. Default value: 24576 Minimum value: 8192 Maximum value: 131071

http2MaxFrameSize Maximum size of the frame payload that the Citrix ADC is willing to receive, in bytes. Default value: 16384 Minimum value: 16384 Maximum value: 32768

http2MaxConcurrentStreams Maximum number of concurrent streams that is allowed per connection. Default value: 100 Minimum value: 0 Maximum value: 1000

http2InitialConnWindowSize Initial window size for connection level flow control, in bytes. Default value: 65535 Minimum value: 65535 Maximum value: 67108864

http2InitialWindowSize Initial window size for stream level flow control, in bytes. Default value: 65535 Minimum value: 8192 Maximum value: 20971520

http2HeaderTableSize Maximum size of the header compression table used to decode header blocks, in bytes. Default value: 4096 Minimum value: 0 Maximum value: 131072

http2MinSeverConn Minimum number of HTTP2 connections established to backend server, on receiving HTTP requests from client before multiplexing the streams into the available HTTP/2 connections. Default value: 20 Minimum value: 1 Maximum value: 360000

http2MaxPingFramesPerMin Maximum number of PING frames allowed in HTTP2 connection per minute Default value: 60 Minimum value: 1 Maximum value: 360000

http2MaxSettingsFramesPerMin Maximum number of SETTINGS frames allowed in HTTP2 connection per minute Default value: 15 Minimum value: 1 Maximum value: 360000

http2MaxResetFramesPerMin Maximum number of outgoing RST_STREAM frames allowed in HTTP/2 connection per minute Default value: 90 Minimum value: 1 Maximum value: 360000

http2MaxEmptyFramesPerMin Maximum number of empty frames allowed in HTTP2 connection per minute Default value: 60 Minimum value: 1 Maximum value: 360000

http2MaxRxResetFramesPerMin Maximum number of incoming RST_STREAM frames allowed in HTTP/2 connection per minute Default value: 0 Minimum value: 0 Maximum value: 360000

grpcHoldLimit Maximum size in bytes allowed to buffer gRPC packets till trailer is received Default value: 131072 Minimum value: 0 Maximum value: 33554432

grpcHoldTimeout Maximum time in milliseconds allowed to buffer gRPC packets till trailer is received. The value should be in multiples of 100 Default value: 1000 Minimum value: 0 Maximum value: 180000

grpcLengthDelimitation Set to DISABLED for gRPC without a length delimitation.

Possible values: ENABLED, DISABLED Default value: ENABLED

reusePoolTimeout Idle timeout (in seconds) for server connections in re-use pool. Connections in the re-use pool are flushed, if they remain idle for the configured timeout. Default value: 0 Minimum value: 0 Maximum value: 31536000

maxHeaderLen Number of bytes to be queued to look for complete header before returning error. If complete header is not obtained after queuing these many bytes, request will be marked as invalid and no L7 processing will be done for that TCP connection. Default value: 24820 Minimum value: 2048 Maximum value: 122880

maxHeaderFieldLen Number of bytes allowed for header field for HTTP header. If number of bytes exceeds beyond configured value, then request will be marked invalid Default value: 24820 Minimum value: 2048 Maximum value: 122880

minReUsePool Minimum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size. Default value: 0 Minimum value: 0 Maximum value: 360000

apdexCltRespTimeThreshold This option sets the satisfactory threshold (T) for client response time in milliseconds to be used for APDEX calculations. This means a transaction responding in less than this threshold is considered satisfactory. Transaction responding between T and 4T is considered tolerable. Any transaction responding in more than 4T time is considered frustrating. Citrix ADC maintains stats for such tolerable and frustrating transcations. And client response time related apdex counters are only updated on a vserver which receives clients traffic. Default value: 500 Minimum value: 1 Maximum value: 3600000

http3 Choose whether to enable support for HTTP/3.

Possible values: ENABLED, DISABLED Default value: DISABLED

http3MaxHeaderFieldSectionSize Maximum size of the HTTP/3 header field section, in bytes. Default value: 24576 Minimum value: 8192 Maximum value: 131072

http3MaxHeaderTableSize Maximum size of the HTTP/3 QPACK dynamic header table, in bytes. Default value: 4096 Minimum value: 0 Maximum value: 131072

http3MaxHeaderBlockedStreams Maximum number of HTTP/3 streams that can be blocked while HTTP/3 headers are being decoded. Default value: 100 Minimum value: 1 Maximum value: 500

http3WebTransport Choose whether to enable support for WebTransport over HTTP/3.

Possible values: ENABLED, DISABLED Default value: DISABLED

httppipelinebuffsize Application pipeline request buffering size, in bytes. Default value: 131072 Minimum value: 131072 Maximum value: 20971520

allowOnlyWordCharactersAndHyphen When enabled allows only the word characters [A-Za-z0-9_] and hyphen [-] in the request/response header names and the connection will be reset for the other characters. When disabled allows any visible (printing) characters (%21-%7E) except delimiters (double quotes and “(),/:;<=>?@[]{}”).

Possible values: ENABLED, DISABLED Default value: DISABLED

hostHeaderValidation Validates the length of the Host header and its syntax. Also includes validation of the port number if specified

Possible values: ENABLED, DISABLED Default value: DISABLED

passProtocolUpgrade Pass protocol upgrade request to the server.

Possible values: ENABLED, DISABLED Default value: ENABLED

Example

set httpprofile -dropInvalReqs ON -markHttp09Inval ON

rm ns httpProfile

Removes an HTTP profile from the appliance.

Synopsis

rm ns httpProfile

Arguments

name Name of the HTTP profile to be removed.

Example

rm httpprofile

add ns httpProfile

Adds an HTTP profile to the Citrix ADC.

Synopsis

add ns httpProfile \[-dropInvalReqs \( ENABLED | DISABLED )] \[-markHttp09Inval \( ENABLED | DISABLED )] \[-markConnReqInval \( ENABLED | DISABLED )] \[-markTraceReqInval \( ENABLED | DISABLED )] \[-markRfc7230NonCompliantInval \( ENABLED | DISABLED )] \[-markHTTPHeaderExtraWSError \( ENABLED | DISABLED )] \[-cmpOnPush \( ENABLED | DISABLED )] \[-conMultiplex \( ENABLED | DISABLED )] \[-maxReusePool <positive\_integer>] \[-dropExtraCRLF \( ENABLED | DISABLED )] \[-incompHdrDelay <positive\_integer>] \[-webSocket \( ENABLED | DISABLED )] \[-rtspTunnel \( ENABLED | DISABLED )] \[-reqTimeout <positive\_integer>] \[-adptTimeout \( ENABLED | DISABLED )] \[-reqTimeoutAction ] \[-dropExtraData \( ENABLED | DISABLED )] \[-webLog \( ENABLED | DISABLED )] \[-clientIpHdrExpr ] \[-maxReq <positive\_integer>] \[-persistentETag \( ENABLED | DISABLED )] \[-http2 \( ENABLED | DISABLED )] \[-http2Direct \( ENABLED | DISABLED )] \[-http2StrictCipher \( ENABLED | DISABLED )] \[-http2AltSvcFrame \( ENABLED | DISABLED )] \[-altsvc \( ENABLED | DISABLED )] \[-altSvcValue ] \[-reusePoolTimeout <positive\_integer>] \[-maxHeaderLen <positive\_integer>] \[-maxHeaderFieldLen <positive\_integer>] \[-minReUsePool <positive\_integer>] \[-http2MaxHeaderListSize <positive\_integer>] \[-http2MaxFrameSize <positive\_integer>] \[-http2MaxConcurrentStreams <positive\_integer>] \[-http2InitialConnWindowSize <positive\_integer>] \[-http2InitialWindowSize <positive\_integer>] \[-http2HeaderTableSize <positive\_integer>] \[-http2MinSeverConn <positive\_integer>] \[-http2MaxPingFramesPerMin <positive\_integer>] \[-http2MaxSettingsFramesPerMin <positive\_integer>] \[-http2MaxResetFramesPerMin <positive\_integer>] \[-http2MaxEmptyFramesPerMin <positive\_integer>] \[-http2MaxRxResetFramesPerMin <positive\_integer>] \[-grpcHoldLimit <positive\_integer>] \[-grpcHoldTimeout <positive\_integer>] \[-grpcLengthDelimitation \( ENABLED | DISABLED )] \[-apdexCltRespTimeThreshold <positive\_integer>] \[-http3 \( ENABLED | DISABLED )] \[-http3MaxHeaderFieldSectionSize <positive\_integer>] \[-http3MaxHeaderTableSize <positive\_integer>] \[-http3MaxHeaderBlockedStreams <positive\_integer>] \[-http3WebTransport \( ENABLED | DISABLED )] \[-httppipelinebuffsize <positive\_integer>] \[-allowOnlyWordCharactersAndHyphen \( ENABLED | DISABLED )] \[-hostHeaderValidation \( ENABLED | DISABLED )] \[-passProtocolUpgrade \( ENABLED | DISABLED )]

Arguments

name Name for an HTTP profile. Must begin with a letter, number, or the underscore (_) character. Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), colon (:), and equal (=) characters. The name of a HTTP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my http profile” or ‘my http profile’).

dropInvalReqs Drop invalid HTTP requests or responses.

Possible values: ENABLED, DISABLED Default value: DISABLED

markHttp09Inval Mark HTTP/0.9 requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markConnReqInval Mark CONNECT requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markTraceReqInval Mark TRACE requests as invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

markRfc7230NonCompliantInval Mark RFC7230 non-compliant transaction as invalid

Possible values: ENABLED, DISABLED Default value: DISABLED

markHTTPHeaderExtraWSError Mark Http header with extra white space as invalid

Possible values: ENABLED, DISABLED Default value: DISABLED

cmpOnPush Start data compression on receiving a TCP packet with PUSH flag set.

Possible values: ENABLED, DISABLED Default value: DISABLED

conMultiplex Reuse server connections for requests from more than one client connections.

Possible values: ENABLED, DISABLED Default value: ENABLED

maxReusePool Maximum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size. If non-zero value is given, it has to be greater than or equal to the number of running Packet Engines. Default value: 0 Minimum value: 0 Maximum value: 360000

dropExtraCRLF Drop any extra ‘CR’ and ‘LF’ characters present after the header.

Possible values: ENABLED, DISABLED Default value: ENABLED

incompHdrDelay Maximum time to wait, in milliseconds, between incomplete header packets. If the header packets take longer to arrive at Citrix ADC, the connection is silently dropped. Default value: 7000 Minimum value: 1 Maximum value: 360000

webSocket HTTP connection to be upgraded to a web socket connection. Once upgraded, Citrix ADC does not process Layer 7 traffic on this connection.

Possible values: ENABLED, DISABLED Default value: DISABLED

rtspTunnel Allow RTSP tunnel in HTTP. Once application/x-rtsp-tunnelled is seen in Accept or Content-Type header, Citrix ADC does not process Layer 7 traffic on this connection.

Possible values: ENABLED, DISABLED Default value: DISABLED

reqTimeout Time, in seconds, within which the HTTP request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout. Default value: 0 Minimum value: 0 Maximum value: 86400

adptTimeout Adapts the configured request timeout based on flow conditions. The timeout is increased or decreased internally and applied on the flow.

Possible values: ENABLED, DISABLED Default value: DISABLED

reqTimeoutAction Action to take when the HTTP request does not complete within the specified request timeout duration. You can configure the following actions:

  • RESET - Send RST (reset) to client when timeout occurs.
  • DROP - Drop silently when timeout occurs.
  • Custom responder action - Name of the responder action to trigger when timeout occurs, used to send custom message.

dropExtraData Drop any extra data when server sends more data than the specified content-length.

Possible values: ENABLED, DISABLED Default value: DISABLED

webLog Enable or disable web logging.

Possible values: ENABLED, DISABLED Default value: ENABLED

clientIpHdrExpr Name of the header that contains the real client IP address.

maxReq Maximum number of requests allowed on a single connection. Zero implies no limit on the number of requests. Default value: 0 Minimum value: 0 Maximum value: 65534

persistentETag Generate the persistent Citrix ADC specific ETag for the HTTP response with ETag header.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2 Choose whether to enable support for HTTP/2.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2Direct Choose whether to enable support for Direct HTTP/2.

Possible values: ENABLED, DISABLED Default value: DISABLED

http2StrictCipher Choose whether to enable strict HTTP/2 cipher selection

Possible values: ENABLED, DISABLED Default value: ENABLED

http2AltSvcFrame Choose whether to enable support for sending HTTP/2 ALTSVC frames. When enabled, the ADC sends HTTP/2 ALTSVC frames to HTTP/2 clients, instead of the Alt-Svc response header field. Not applicable to servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

altsvc Choose whether to enable support for Alternative Services.

Possible values: ENABLED, DISABLED Default value: DISABLED

altSvcValue Configure a custom Alternative Services header value that should be inserted in the response to advertise a HTTP/SSL/HTTP_QUIC vserver.

reusePoolTimeout Idle timeout (in seconds) for server connections in re-use pool. Connections in the re-use pool are flushed, if they remain idle for the configured timeout. Default value: 0 Minimum value: 0 Maximum value: 31536000

maxHeaderLen Number of bytes to be queued to look for complete header before returning error. If complete header is not obtained after queuing these many bytes, request will be marked as invalid and no L7 processing will be done for that TCP connection. Default value: 24820 Minimum value: 2048 Maximum value: 122880

maxHeaderFieldLen Number of bytes allowed for header field for HTTP header. If number of bytes exceeds beyond configured value, then request will be marked invalid Default value: 24820 Minimum value: 2048 Maximum value: 122880

minReUsePool Minimum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size. Default value: 0 Minimum value: 0 Maximum value: 360000

http2MaxHeaderListSize Maximum size of header list that the Citrix ADC is prepared to accept, in bytes. NOTE: The actual plain text header size that the Citrix ADC accepts is limited by maxHeaderLen. Please change maxHeaderLen parameter as well when modifying http2MaxHeaderListSize. Default value: 24576 Minimum value: 8192 Maximum value: 131071

http2MaxFrameSize Maximum size of the frame payload that the Citrix ADC is willing to receive, in bytes. Default value: 16384 Minimum value: 16384 Maximum value: 32768

http2MaxConcurrentStreams Maximum number of concurrent streams that is allowed per connection. Default value: 100 Minimum value: 0 Maximum value: 1000

http2InitialConnWindowSize Initial window size for connection level flow control, in bytes. Default value: 65535 Minimum value: 65535 Maximum value: 67108864

http2InitialWindowSize Initial window size for stream level flow control, in bytes. Default value: 65535 Minimum value: 8192 Maximum value: 20971520

http2HeaderTableSize Maximum size of the header compression table used to decode header blocks, in bytes. Default value: 4096 Minimum value: 0 Maximum value: 131072

http2MinSeverConn Minimum number of HTTP2 connections established to backend server, on receiving HTTP requests from client before multiplexing the streams into the available HTTP/2 connections. Default value: 20 Minimum value: 1 Maximum value: 360000

http2MaxPingFramesPerMin Maximum number of PING frames allowed in HTTP2 connection per minute Default value: 60 Minimum value: 1 Maximum value: 360000

http2MaxSettingsFramesPerMin Maximum number of SETTINGS frames allowed in HTTP2 connection per minute Default value: 15 Minimum value: 1 Maximum value: 360000

http2MaxResetFramesPerMin Maximum number of outgoing RST_STREAM frames allowed in HTTP/2 connection per minute Default value: 90 Minimum value: 1 Maximum value: 360000

http2MaxEmptyFramesPerMin Maximum number of empty frames allowed in HTTP2 connection per minute Default value: 60 Minimum value: 1 Maximum value: 360000

http2MaxRxResetFramesPerMin Maximum number of incoming RST_STREAM frames allowed in HTTP/2 connection per minute Default value: 0 Minimum value: 0 Maximum value: 360000

grpcHoldLimit Maximum size in bytes allowed to buffer gRPC packets till trailer is received Default value: 131072 Minimum value: 0 Maximum value: 33554432

grpcHoldTimeout Maximum time in milliseconds allowed to buffer gRPC packets till trailer is received. The value should be in multiples of 100 Default value: 1000 Minimum value: 0 Maximum value: 180000

grpcLengthDelimitation Set to DISABLED for gRPC without a length delimitation.

Possible values: ENABLED, DISABLED Default value: ENABLED

apdexCltRespTimeThreshold This option sets the satisfactory threshold (T) for client response time in milliseconds to be used for APDEX calculations. This means a transaction responding in less than this threshold is considered satisfactory. Transaction responding between T and 4T is considered tolerable. Any transaction responding in more than 4T time is considered frustrating. Citrix ADC maintains stats for such tolerable and frustrating transcations. And client response time related apdex counters are only updated on a vserver which receives clients traffic. Default value: 500 Minimum value: 1 Maximum value: 3600000

http3 Choose whether to enable support for HTTP/3.

Possible values: ENABLED, DISABLED Default value: DISABLED

http3MaxHeaderFieldSectionSize Maximum size of the HTTP/3 header field section, in bytes. Default value: 24576 Minimum value: 8192 Maximum value: 131072

http3MaxHeaderTableSize Maximum size of the HTTP/3 QPACK dynamic header table, in bytes. Default value: 4096 Minimum value: 0 Maximum value: 131072

http3MaxHeaderBlockedStreams Maximum number of HTTP/3 streams that can be blocked while HTTP/3 headers are being decoded. Default value: 100 Minimum value: 1 Maximum value: 500

http3WebTransport Choose whether to enable support for WebTransport over HTTP/3.

Possible values: ENABLED, DISABLED Default value: DISABLED

httppipelinebuffsize Application pipeline request buffering size, in bytes. Default value: 131072 Minimum value: 131072 Maximum value: 20971520

allowOnlyWordCharactersAndHyphen When enabled allows only the word characters [A-Za-z0-9_] and hyphen [-] in the request/response header names and the connection will be reset for the other characters. When disabled allows any visible (printing) characters (%21-%7E) except delimiters (double quotes and “(),/:;<=>?@[]{}”).

Possible values: ENABLED, DISABLED Default value: DISABLED

hostHeaderValidation Validates the length of the Host header and its syntax. Also includes validation of the port number if specified

Possible values: ENABLED, DISABLED Default value: DISABLED

passProtocolUpgrade Pass protocol upgrade request to the server.

Possible values: ENABLED, DISABLED Default value: ENABLED

Example

add httpprofile -dropInvalReqs ON -markHttp09Inval ON

show ns httpProfile

Displays information about HTTP profiles configured on the appliance.

Synopsis

show ns httpProfile []

Arguments

name Name of the HTTP profile to be displayed. If a name is not provided, information about all HTTP profiles is shown.

Output

dropInvalReqs Dropping of invalid HTTP requests/responses

markHttp09Inval Invalidating HTTP 0.9 requests

markConnReqInval Invalidating CONNECT HTTP requests

markTraceReqInval Invalidating TRACE HTTP requests

markRfc7230NonCompliantInval Invalidating RFC7230 Non-Compliant

markHTTPHeaderExtraWSError Mark Http header with extra white space as invalid

cmpOnPush Compression on PUSH packet

conMultiplex Reuse server connections for requests from more than one client connections.

maxReusePool Maximum connections in reusepool

webSocket HTTP connection to be upgraded to a web socket connection. Once upgraded, Citrix ADC does not process Layer 7 traffic on this connection.

refCnt Number of entities using this profile

stateflag State flag

dropExtraCRLF Drop any extra ‘CR’ and ‘LF’ characters present after the header.

incompHdrDelay Maximum time to wait, in milliseconds, between incomplete header packets. If the header packets take longer to arrive at Citrix ADC, the connection is silently dropped.

reqTimeout Time, in seconds, within which the HTTP request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout.

adptTimeout Adapts the configured request timeout based on flow conditions. The timeout is increased or decreased internally and applied on the flow.

reqTimeoutAction Action to take when the HTTP request does not complete within the specified request timeout duration. You can configure the following actions:

  • RESET - Send RST (reset) to client when timeout occurs.
  • DROP - Drop silently when timeout occurs.
  • Custom responder action - Name of the responder action to trigger when timeout occurs, used to send custom message.

dropExtraData Drop any extra data when server sends more data than the specified content-length.

webLog Disabling weblog option

clientIpHdrExpr Name of the header that contains the real client IP address.

maxReq Maximum number of requests allowed on a single connection. Zero implies no limit on the number of requests.

persistentETag Generate the persistent Citrix ADC specific ETag for the HTTP response with ETag header.

http2 Choose whether to enable support for HTTP/2.

http2Direct Choose whether to enable support for Direct HTTP/2.

http2StrictCipher Choose whether to enable strict HTTP/2 cipher selection

http2AltSvcFrame Choose whether to enable support for sending HTTP/2 ALTSVC frames. When enabled, the ADC sends HTTP/2 ALTSVC frames to HTTP/2 clients, instead of the Alt-Svc response header field. Not applicable to servers.

altsvc Choose whether to enable support for Alternative Services.

altSvcValue Configure a custom Alternative Services header value that should be inserted in the response to advertise a HTTP/SSL/HTTP_QUIC vserver.

http2MaxHeaderListSize Maximum size of header list that the Citrix ADC is prepared to accept, in bytes. NOTE: The actual plain text header size that the Citrix ADC accepts is limited by maxHeaderLen. Please change maxHeaderLen parameter as well when modifying http2MaxHeaderListSize.

http2MaxFrameSize Maximum size of the frame payload that the Citrix ADC is willing to receive, in bytes.

http2MaxConcurrentStreams Maximum number of concurrent streams that is allowed per connection.

http2InitialConnWindowSize Initial window size for connection level flow control, in bytes.

http2InitialWindowSize Initial window size for stream level flow control, in bytes.

http2HeaderTableSize Maximum size of the header compression table used to decode header blocks, in bytes.

http2MinSeverConn Minimum number of HTTP2 connections established to backend server, on receiving HTTP requests from client before multiplexing the streams into the available HTTP/2 connections.

http2MaxPingFramesPerMin Maximum number of PING frames allowed in HTTP2 connection per minute

http2MaxSettingsFramesPerMin Maximum number of SETTINGS frames allowed in HTTP2 connection per minute

http2MaxResetFramesPerMin Maximum number of outgoing RST_STREAM frames allowed in HTTP/2 connection per minute

http2MaxEmptyFramesPerMin Maximum number of empty frames allowed in HTTP2 connection per minute

http2MaxRxResetFramesPerMin Maximum number of incoming RST_STREAM frames allowed in HTTP/2 connection per minute

grpcHoldLimit Maximum size in bytes allowed to buffer gRPC packets till trailer is received

grpcHoldTimeout Maximum time in milliseconds allowed to buffer gRPC packets till trailer is received. The value should be in multiples of 100

grpcLengthDelimitation Set to DISABLED for gRPC without a length delimitation.

reusePoolTimeout Idle timeout (in seconds) for server connections in re-use pool. Connections in the re-use pool are flushed, if they remain idle for the configured timeout.

maxHeaderLen Number of bytes to be queued to look for complete header before returning error. If complete header is not obtained after queuing these many bytes, request will be marked as invalid and no L7 processing will be done for that TCP connection.

maxHeaderFieldLen Number of bytes allowed for header field for HTTP header. If number of bytes exceeds beyond configured value, then request will be marked invalid

rtspTunnel Allow RTSP tunnel in HTTP. Once application/x-rtsp-tunnelled is seen in Accept or Content-Type header, Citrix ADC does not process Layer 7 traffic on this connection.

minReUsePool Minimum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size.

builtin Flag to determine if http profile is built-in or not

apdexSvrRespTimeThreshold This option sets the satisfactory threshold (T) for server response time in milliseconds to be used for APDEX calculations. This means a transaction responding in less than this threshold is considered satisfactory. Transaction responding between T and 4T is considered tolerable. Any transaction responding in more than 4T time is considered frustrating. Citrix ADC maintains stats for such tolerable and frustrating transcations. Server Response time related apdex counters are only updated on backend services or a backend vserver which is not accepting client traffic.

apdexCltRespTimeThreshold This option sets the satisfactory threshold (T) for client response time in milliseconds to be used for APDEX calculations. This means a transaction responding in less than this threshold is considered satisfactory. Transaction responding between T and 4T is considered tolerable. Any transaction responding in more than 4T time is considered frustrating. Citrix ADC maintains stats for such tolerable and frustrating transcations. And client response time related apdex counters are only updated on a vserver which receives clients traffic.

http3 Choose whether to enable support for HTTP/3.

http3MaxHeaderFieldSectionSize Maximum size of the HTTP/3 header field section, in bytes.

http3MaxHeaderTableSize Maximum size of the HTTP/3 QPACK dynamic header table, in bytes.

http3MaxHeaderBlockedStreams Maximum number of HTTP/3 streams that can be blocked while HTTP/3 headers are being decoded.

http3WebTransport Choose whether to enable support for WebTransport over HTTP/3.

httppipelinebuffsize Application pipeline request buffering size, in bytes.

allowOnlyWordCharactersAndHyphen Allow only word character hyphen [A-Za-z0-9_]

hostHeaderValidation Host header validation

dropInvalreqsWarning Display warning if Drop invalid reqs is disabled in the profile

passProtocolUpgrade Pass protocol upgrade request to the server.

feature The feature to be checked while applying this config

devno count

Example

show http profile [profile name]

ns-httpProfile