ADC CLI Commands

policy-patset

The following operations can be performed on “policy-patset”:

add rm set bind show unset unbind

add policy patset

Adds a pattern set. A pattern set contains a name and one or more string patterns. Pattern sets can be used in expressions to match a set of strings. For example, HTTP.REQ.URL.EQUALS_ANY(“test_urls”), where test_urls is a pattern set containing URL strings. Pattern sets can also be used in the search parameter of a rewrite action. Each string pattern is assigned an index that enables you to select the associated string from the set. The patset file option can be used to bind the patterns contained in a file, which is imported from Citrix ADC or from an external location (please check import/add/update patsetfile). A patset can be configured with at most one patsetfile

Synopsis

add policy patset \[-comment ] \[-patsetFile ] \[-dynamic \( YES | NO )]

Arguments

name Unique name of the pattern set. Not case sensitive. Must begin with an ASCII letter or underscore (_) character and must contain only alphanumeric and underscore characters. Must not be the name of an existing named expression, pattern set, dataset, string map, or HTTP callout.

comment Any comments to preserve information about this patset or a pattern bound to this patset.

patsetFile File which contains list of patterns that needs to be bound to the patset. A patsetfile cannot be associated with multiple patsets.

dynamic This is used to populate internal patset information so that the patset can also be used dynamically in an expression. Here dynamically means the patset name can also be derived using an expression. For example for a given patset name “allow_test” it can be used dynamically as http.req.url.contains_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default patsets.

Possible values: YES, NO Default value: NO

Example

add policy patset pat1

rm policy patset

Removes a pattern set. If the pattern set is used by an expression in another object, such as a policy, you must remove the object before removing the pattern set.

Synopsis

rm policy patset

Arguments

name Name of the pattern set to remove.

Example

rm policy patset pat1

set policy patset

Sets the supported attribute on a given patset.

Synopsis

set policy patset \[-dynamic \( YES | NO )]

Arguments

name Unique name of the pattern set. Not case sensitive. Must begin with an ASCII letter or underscore (_) character and must contain only alphanumeric and underscore characters. Must not be the name of an existing named expression, pattern set, dataset, string map, or HTTP callout.

dynamic This is used to populate internal patset information so that the patset can also be used dynamically in an expression. Here dynamically means the patset name can also be derived using an expression. For example for a given patset name “allow_test” it can be used dynamically as http.req.url.contains_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default patsets.

Possible values: YES, NO Default value: NO

Example

set policy patset pat1 -dynamic yes

bind policy patset

Binds a string to a pattern set. User can bind 50,000 patterns to a pattern set. With the pattern set file, only 10,000 patterns can be bound. If the pattern set is used in a streaming case, then only 5,000 patterns can be bound to that pattern set. A pattern set is used in a streaming case when it is used in an HTTP body expression, a TCP payload expression, or the rewrite action search parameter. NOTE: With smaller number of patterns, user can see better performance at the configuration time.

Synopsis

bind policy patset \[-index <positive\_integer>] \[-charset \( ASCII | UTF\_8 )] \[-comment ]

Arguments

name Name of the pattern set to which to bind the string.

string String of characters that constitutes a pattern. For more information about the characters that can be used, refer to the character set parameter. Note: Minimum length for pattern sets used in rewrite actions of type REPLACE_ALL, DELETE_ALL, INSERT_AFTER_ALL, and INSERT_BEFORE_ALL, is three characters.

index Integer that identifies the string pattern within the pattern set. You can assign index values or allow them to be assigned automatically. If you specify an index for the first pattern that you bind to the set, you must do so for each subsequent pattern. If you do not specify an index for the first pattern, the Citrix ADC generates an index. If you subsequently specify an index when binding a pattern to the set, an error message appears. The pattern index of a matching pattern can be used within expressions. For example, HTTP.REQ.URL.EQUALS_INDEX(“test_url”).EQ(5), returns true if the request URL matches the strings in the test_url pattern set with index 5. Minimum value: 1 Maximum value: 4294967290

charset Character set associated with the characters in the string. Note: UTF-8 characters can be entered directly (if the UI supports it) or can be encoded as a sequence of hexadecimal bytes ‘\xNN’. For example, the UTF-8 character ‘ü’ can be encoded as ‘\xC3\xBC’.

Possible values: ASCII, UTF_8

comment Any comments to preserve information about this patset or a pattern bound to this patset.

Example

bind policy patset pat1 bar -index 2

show policy patset

Displays the list of pattern sets configured on the appliance.

Synopsis

show policy patset [] [-dynamicOnly]

Arguments

name Name of the pattern set for which to display the detailed information. If a name is not provided, a list of all pattern sets configured on the appliance is shown.

dynamicOnly Shows only dynamic patsets when set true. Default value: 0

Output

stateflag string String of characters that constitutes a pattern. For more information about the characters that can be used, refer to the character set parameter. Note: Minimum length for pattern sets used in rewrite actions of type REPLACE_ALL, DELETE_ALL, INSERT_AFTER_ALL, and INSERT_BEFORE_ALL, is three characters.

index The index of the string associated with the patset.

charset Character set associated with the characters in the string. Note: UTF-8 characters can be entered directly (if the UI supports it) or can be encoded as a sequence of hexadecimal bytes ‘\xNN’. For example, the UTF-8 character ‘ü’ can be encoded as ‘\xC3\xBC’.

isDefault builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

MaxIndex Maximum number of patterns bounded to pattern set. The maxindex value will not be decreased when we unbind a pattern from the patset. This field is used in auto-generated indexing type.

comment Any comments to preserve information about this patset or a pattern bound to this patset.

patsetFile File which contains list of patterns that needs to be bound to the patset. A patsetfile cannot be associated with multiple patsets.

dynamic This is used to populate internal patset information so that the patset can also be used dynamically in an expression. Here dynamically means the patset name can also be derived using an expression. For example for a given patset name “allow_test” it can be used dynamically as http.req.url.contains_any(“allow_” + http.req.url.path.get(1)). This cannot be used with default patsets.

devno count

Example

show policy patset pat1

unset policy patset

Use this command to remove policy patset settings.Refer to the set policy patset command for meanings of the arguments.

Synopsis

unset policy patset [-dynamic]

unbind policy patset

Unbinds a string from a pattern set.

Synopsis

unbind policy patset ...

Arguments

name Name of the pattern set from which to unbind a string.

string String of characters to unbind from the pattern set.

Example

unbind policy patset pat1 bar xyz

policy-patset