Let's start with: what is an expression? Anyone using NetScaler is familiar with this term, right? In simple terms, an expression is a logical token that is used in policies and actions. When we launched the infrastructure called "AppExpert", our goal was to make the expression language powerful enough that all logic could be defined through expressions. We invented a new expression language without realizing how useful it would be for various unforeseen use cases.
Each expression you define takes on a meaning and value in the particular context where it is used. An expression can refer to a part of the HTTP request in an action, while the same expression can serve as a Boolean to build the rule of a policy. As you start to get involved with the AppExpert infrastructure, you will need to live with expressions :). While the discussion of expressions and their uses could be endless, in this blog we will focus on only one expression that can help solve many use cases.
HTTP.REQ.FULL_HEADER
and
HTTP.RES.FULL_HEADER
The focus is on the "FULL_HEADER" aspect of this expression. This simple expression enables several use cases that are either not feasible without it or would require extensive configuration to achieve the same results. Let's look at some basic use cases.
Header length or size
If you want to control the total size of the HTTP header you expect to receive in a request or response, you can use the following expression.
HTTP.REQ.FULL_HEADER.LENGTH
The above expression returns the total length of the HTTP request header, and you can use methods such as EQ, LT, GT or NE to do the comparison that yields the Boolean result of the policy. It would be extremely difficult to calculate the full header length without this expression.
Replace header name
Many times you want to operate on header names rather than on the value. To operate on header names, you should use the FULL_HEADER expression. For example, the following expression returns the "Host" header name in the HTTP request, and you can use it in a rewrite action to replace or modify its contents.
HTTP.REQ.FULL_HEADER.SUBSTR("\r\nHost")
We use "\r\n" inside SUBSTR to make sure it matches a header name only. Per HTTP semantics, each header is preceded by "\r\n". There is no expression that acts on an HTTP header name directly.
Multiple changes in a single action
Let's say you know the dangerous headers that should not go to the backend server or applications. Deleting them is a fairly simple operation: you simply delete the headers one after another. But if the list of headers is long, you need to configure many actions and policies to make this work. With the FULL_HEADER expression you can remove multiple headers in a single action:
add rewrite action remove_headers delete_all 'HTTP.REQ.FULL_HEADER' -search regex(re/(?iU)(HDR1|HDR2|Hdr3):.*\r\n/)
With this single action, you can remove the headers HDR1, HDR2 and Hdr3 in a single pass. It is simple to increase the number of headers here as the use case requires.
Header Whitelisting
In the previous use case, what if you had a list of known good headers that can be allowed and everything else should be blocked? It becomes difficult, right? You will have heard about IP blacklisting far more often than header whitelisting, but there are some specific use cases where the server or app expects a defined list of headers in the HTTP request. This requires us to work on all HTTP headers received and ensure that only the expected headers are allowed to go to the servers and everything else is removed. Here is such a rewrite action:
add rewrite action whitelist_headers replace_all 'HTTP.REQ.FULL_HEADER.AFTER_STR("\r\n")' 'TARGET.REGEX_SELECT(re/(?iU)^(Host|Accept|Date):.*\r\n/) ALT ""' -search regex(re/(?U).+:.+\r\n/)
The above action replaces the entire HTTP header list with only the 3 headers (Host, Accept and Date) named in the expression. It takes the full list and keeps only these 3 from it, ensuring that no other header passes through to the server. This is another one of those cases that cannot be achieved without this specific expression, because there can be a large number of user-defined headers that are not generally known.
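The two rewrite actions above, emulated in Python on a constructed request so the regex behaviour can be checked offline. This is an added example, not code from the original post and not NetScaler's implementation; the function names and sample request are hypothetical, Python's re has no (?U) flag so ungreedy matching is written as .*?, and the anchored mode is an added tightening that reuses the "\r\n" prefix idea from the SUBSTR example.

```python
import re

# Constructed sample request (not from the original post).
SAMPLE = (
    "GET /app HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "X-HDR1: unrelated\r\n"
    "HDR1: internal-a\r\n"
    "Accept: text/html\r\n"
    "hdr2: internal-b\r\n"
    "Date: Tue, 01 Jan 2030 00:00:00 GMT\r\n"
    "\r\n"
)


def _alt(names):
    return "|".join(re.escape(n) for n in names)


def delete_headers(full_header, names, anchored=True):
    """Emulate delete_all on FULL_HEADER with a -search regex.

    anchored=False mirrors the post's pattern (NAME):.*\\r\\n, which can also
    match the tail of a longer name such as X-HDR1. anchored=True adds the
    "\\r\\n" prefix check the post uses with SUBSTR (an added tightening).
    """
    prefix = r"(?<=\r\n)" if anchored else ""
    # Python's re has no PCRE (?U) flag, so ungreedy is written as .*?
    pattern = re.compile(prefix + r"(?:%s):.*?\r\n" % _alt(names), re.I)
    return pattern.sub("", full_header)


def whitelist_headers(full_header, allowed):
    """Emulate replace_all on FULL_HEADER.AFTER_STR("\\r\\n")."""
    request_line, sep, headers = full_header.partition("\r\n")
    keep = re.compile(r"^(?:%s):.*?\r\n" % _alt(allowed), re.I)

    def select(match):
        # TARGET.REGEX_SELECT(...) ALT "": keep allowed lines, blank the rest.
        hit = keep.match(match.group(0))
        return hit.group(0) if hit else ""

    # -search regex: one match per "name: value\r\n" header line.
    return request_line + sep + re.sub(r".+?:.+?\r\n", select, headers)


if __name__ == "__main__":
    print(repr(delete_headers(SAMPLE, ["HDR1", "HDR2", "Hdr3"])))
    print(repr(delete_headers(SAMPLE, ["HDR1", "HDR2", "Hdr3"], anchored=False)))
    print(repr(whitelist_headers(SAMPLE, ["Host", "Accept", "Date"])))
```

With anchored=False the unrelated X-HDR1 line is cut down to "X-", which then fuses with the following Accept line, so it is worth testing a delete pattern against headers whose names end in a listed name before deploying it.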
I'm sure you have started liking this specific expression now.
AppExpert is full of these useful expressions and tokens that can make our lives easier ...