ADC CLI Commands

ssl-policy

The following operations can be performed on “ssl-policy”:

add rm unset show set

add ssl policy

Adds an SSL policy. An SSL policy evaluates incoming traffic and applies a predefined action to requests that match a rule (expression). You have to configure the actions before creating the policies, so that you can specify an action when you create a policy.

Synopsis

add ssl policy -rule [-action ] [-undefAction ] [-comment ]

Arguments

name Name for the new SSL policy. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the policy is created.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my policy” or ‘my policy’).

rule Expression, against which traffic is evaluated.

The following requirements apply only to the Citrix ADC CLI:

  • If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
  • If the expression itself includes double quotation marks, escape the quotations by using the character.
  • Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action Name of the built-in or user-defined action to perform on the request. Available built-in actions are NOOP, RESET, DROP, CLIENTAUTH, NOCLIENTAUTH, INTERCEPT AND BYPASS.

undefAction Name of the action to be performed when the result of rule evaluation is undefined. Possible values for control policies: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, DROP. Possible values for data policies: NOOP, RESET, DROP and BYPASS

comment Any comments associated with this policy.

Example

add ssl action certInsert_act -clientCert ENABLED -certHeader CERT add ssl policy certInsert_pol -rule ‘HTTP.REQ.URL.STARTSWITH(“/secure.html”)’ -reqAction certInsert_act The above example adds an SSL policy to do Client certificate insertion into the HTTP requests for any web-objects under /secure/.

rm ssl policy

Removes an SSL policy.

Synopsis

rm ssl policy

Arguments

name Name of the SSL policy to be removed.

Example

rm ssl policy certInsert_pol

unset ssl policy

Removes the attributes of an SSL policy. Attributes for which a default value is available revert to their default values. Refer to the set ssl policy command for a description of the parameters..Refer to the set ssl policy command for meanings of the arguments.

Synopsis

unset ssl policy [-undefAction] [-comment]

Example

unset ssl policy pol1 -undefAction

show ssl policy

Displays information about all the SSL policies configured on the appliance, or displays detailed information about the specified SSL policy.

Synopsis

show ssl policy []

Arguments

name Name of the SSL policy for which to display detailed information.

Output

stateflag rule The expression that sets the condition for application of the SSL policy.

action The name of the action to be performed on the request.

undefAction Undef Action associated with the policy.

hits Number of hits.

undefHits Number of Undef hits.

activePolicy boundTo The entity name to which policy is bound

priority gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

labelType Type of policy label invocation.

labelName Name of the label to invoke if the current policy rule evaluates to TRUE.

description Description of the policy

comment Any comments associated with this policy.

bindPolicyType vserverType peFlags type type builtin Flag to determine if SSL policy is built-in or not

feature The feature to be checked while applying this config

devno count

Example

show ssl policy 1 SSL policy: 1) Name: certInsert_pol Rule: HTTP.REQ.URL.STARTSWITH(“.html”) Action: certInsert_act Hits: 0

set ssl policy

Modifies the parameters of an SSL policy.

Synopsis

set ssl policy [-rule ] [-action ] [-undefAction ] [-comment ]

Arguments

name Name of the SSL policy to modify.

rule Expression, against which traffic is evaluated.

The following requirements apply only to the Citrix ADC CLI:

  • If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
  • If the expression itself includes double quotation marks, escape the quotations by using the character.
  • Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

action Name of the built-in or user-defined action to perform on the request. Available built-in actions are NOOP, RESET, DROP, CLIENTAUTH, NOCLIENTAUTH, INTERCEPT AND BYPASS.

undefAction Name of the action to be performed when the result of rule evaluation is undefined. Possible values for control policies: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, DROP. Possible values for data policies: NOOP, RESET, DROP and BYPASS

comment Any comments associated with this policy.

Example

set ssl policy pol1 -rule “HTTP.REQ.HEADER(\“header\”).CONTAINS(\“qh2\”)”

ssl-policy