Rewrite

Warning:

Filter features that use classic policies are deprecated. As an alternative, Citrix recommends that you use the rewrite and responder features with the advanced policy infrastructure.

Rewrite refers to the rewriting of some information in the requests or responses handled by the Citrix ADC appliance. Rewriting can help in providing access to the requested content without exposing unnecessary details about the website’s actual configuration. A few situations in which the rewrite feature is useful are as follows:

  • To improve security, the Citrix ADC can rewrite all the http:// links to https:// in the response body.

  • In an SSL offload deployment, the insecure links in the response have to be converted into secure links. Using the rewrite option, you can rewrite all the http:// links to https:// to make sure that the outgoing responses from the Citrix ADC to the client contain only secure links.

  • If a website has to show an error page, you can show a custom error page instead of the default 404 Error page. For example, if you show the home page or site map of the website instead of an error page, the visitor remains on the site instead of moving away from the website.

  • If you want to launch a new website, but use the old URL, you can use the Rewrite option.

  • When a topic in a site has a complicated URL, you can rewrite it with a simple, easy-to-remember URL (also referred to as ‘cool URL’).

  • You can append the default page name to the URL of a website. For example, if the default page of a company’s website is http://www.abc.com/index.php, when the user types ‘abc.com’ in the address bar of the browser, you can rewrite the URL to ‘abc.com/index.php’.

When you enable the rewrite feature, Citrix ADC can modify the headers and body of HTTP requests and responses.

To rewrite HTTP requests and responses, you can use protocol-aware Citrix ADC policy expressions in the rewrite policies you configure. The virtual servers that manage the HTTP requests and responses must be of type HTTP or SSL. In HTTP traffic, you can take the following actions:

  • Modify the URL of a request
  • Add, modify, or delete headers
  • Add, replace, or delete any specific string within the body or headers.

To rewrite TCP payloads, consider the payload as a raw stream of bytes. Each of the virtual servers that manage the TCP connections must be of type TCP or SSL_TCP. The term TCP rewrite is used to refer to the rewrite of TCP payloads that are not HTTP data. In TCP traffic, you can add, modify, or delete any part of the TCP payload.

For examples of how to use the rewrite feature, see Rewrite Action and Policy Examples.

Comparison between Rewrite and Responder options

The main difference between the rewrite feature and the responder feature is as follows:

Responder cannot be used for response or server-based expressions. Responder can be used only for the following scenarios depending on client parameters:

  • Redirecting an HTTP request to new websites or webpages
  • Responding with some custom response
  • Dropping or resetting a connection at request level

If there is a responder policy, the Citrix ADC examines the request from the client, takes action according to the applicable policies, sends the response to the client, and closes the connection with the client.

If there is a rewrite policy, the Citrix ADC examines the request from the client or response from the server, takes action according to the applicable policies, and forwards the traffic to the client or the server.

In general, it is recommended to use a responder if you want the Citrix ADC to reset or drop a connection based on a client or request-based parameter. Use the responder to redirect traffic, or respond with custom messages. Use rewrite for manipulating data on HTTP requests and responses.

How rewrite works

A rewrite policy consists of a rule and an action. The rule determines the traffic on which rewrite is applied and the action determines the action to be taken by the Citrix ADC. You can define multiple rewrite policies. For each policy, specify the bind point and priority.

A bind point refers to a point in the traffic flow at which the Citrix ADC examines the traffic to verify whether any rewrite policy can be applied to it. You can bind a policy to a specific load balancing or content switching virtual server, or make the policy global if you want the policy to be applied to the entire traffic handled by the Citrix ADC. These policies are referred to as global policies.

In addition to the user-defined policies, the Citrix ADC has some default policies. You cannot modify or delete a default policy.

The Citrix ADC evaluates the policies in the following order:

  • Global policies
  • Policies bound to specific virtual servers
  • Default policies

Note:

Citrix ADC can apply a rewrite policy only when it is bound to a point.

Citrix ADC implements the rewrite feature in the following steps:

  • The Citrix ADC appliance checks for global policies and then checks for policies at individual bind points.

  • If multiple policies are bound to a bind point, the Citrix ADC evaluates the policies in the order of their priority. The policy with the highest priority is evaluated first. After evaluating each policy, if the policy evaluates to TRUE, the Citrix ADC adds the action associated with the policy to the list of actions to be performed. A match occurs when the characteristics specified in the policy rule match the characteristics of the request or response being evaluated.

  • For any policy, in addition to the action, you can specify the policy that must be evaluated after the current policy is evaluated. This policy is referred to as the ‘Go to Expression’. For any policy, if a Go to Expression (gotoPriorityExpr) is specified, the Citrix ADC evaluates the Go to Expression policy. It ignores the policy with the next highest priority.

    You can specify the priority of the policy to indicate the Go to Expression policy; you cannot use the name of the policy. If you want the Citrix ADC to stop evaluating other policies after evaluating a particular policy, you can set the Go to Expression to ‘END’.

  • After all the policies are evaluated or when a policy has the Go to Expression set as END, the Citrix ADC starts performing the actions according to the list of actions.

For more information about configuring rewrite policies, see Configuring a Rewrite Policy. For more information about binding rewrite policies, see Binding a Rewrite Policy.

The following figure illustrates how Citrix ADC processes a request or response when the rewrite feature is used.

Figure 1. The Rewrite Process


Policy Evaluation

The policy with the highest priority is evaluated first. Citrix ADC does not stop the evaluation of rewrite policies when it finds a match. It evaluates all the rewrite policies configured on the Citrix ADC.

  • If a policy evaluates to TRUE, the Citrix ADC follows the procedure below:
    • If the policy has the Go to Expression set to END, the Citrix ADC stops evaluating all the other policies and starts performing the rewrite.
    • The gotoPriorityExpression can be set to ‘NEXT’, ‘END’, some integer or ‘INVOCATION_LIST’. The value determines the policy with the next priority. The following table shows the action taken by Citrix ADC for each value of the expression.

      Value of the expression    Action
      -----------------------    ------
      NEXT                       The policy with the next priority gets evaluated.
      END                        Evaluation of policies stops.
      <an integer>               Policy with specified priority gets evaluated.
      INVOCATION_LIST            Goto NEXT or END is applied based on the result of the invocation list.
  • If a policy evaluates to FALSE, the Citrix ADC continues the evaluation in the order of priority.
  • If a policy evaluates to UNDEFINED (cannot be evaluated on the received traffic due to an error), the Citrix ADC performs the action assigned to the UNDEFINED condition (referred to as undefAction) and stops further evaluation of policies.

The Citrix ADC starts the actual rewriting only after the evaluation is complete. It refers to the list of actions identified by policies that are evaluated to TRUE, and starts the rewriting. After implementing all the actions in the list, the Citrix ADC forwards the traffic as required.

Note:

Ensure that the policies do not specify conflicting or overlapping actions on the same part of the HTTP header or body, or TCP payload. When such a conflict occurs, the Citrix ADC encounters an undefined situation and aborts the rewrite.
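The two-phase evaluation described above, sketched as a small Python model (an added example, not Citrix code or output): policies are walked and their actions collected first, and the message is modified only afterwards. Assumptions of the model: a lower priority number is evaluated first, a rule that raises an exception stands in for UNDEFINED, an integer goto jumps forward to the policy with exactly that priority, the message is reduced to a header dictionary, the sample policies are constructed, and the ABORT verdict is a label chosen here for the conflict case in the note above.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Union

@dataclass
class Policy:
    priority: int                     # assumption: lower number is evaluated first
    rule: Callable[[dict], bool]      # an exception here models UNDEFINED
    target: str                       # header the action touches
    value: Optional[str]              # new value, or None to delete the header
    goto: Union[str, int] = "NEXT"    # "NEXT", "END" or the priority to jump to
    undef_action: str = "NOREWRITE"   # NOREWRITE, RESET or DROP

def evaluate(policies, headers):
    """Phase 1: walk the policies and collect actions; nothing is rewritten yet."""
    ordered = sorted(policies, key=lambda p: p.priority)
    pending, i = [], 0
    while i < len(ordered):
        p = ordered[i]
        try:
            matched = p.rule(headers)
        except Exception:
            return p.undef_action, []          # UNDEFINED: undefAction, then stop
        i += 1                                 # default: continue in priority order
        if not matched:
            continue
        pending.append((p.target, p.value))
        if p.goto == "END":
            break
        if isinstance(p.goto, int):            # jump forward to that exact priority
            i = next((j for j in range(i, len(ordered))
                      if ordered[j].priority == p.goto), len(ordered))
    targets = [t for t, _ in pending]
    if len(targets) != len(set(targets)):      # two actions on the same header
        return "ABORT", []                     # conflict: the rewrite is aborted
    return "REWRITE", pending

def process(policies, headers):
    """Phase 2: apply the collected actions only after evaluation has finished."""
    verdict, pending = evaluate(policies, headers)
    out = dict(headers)
    for target, value in pending:
        if value is None:
            out.pop(target, None)
        else:
            out[target] = value
    return verdict, out

# Constructed sample policies (header choices and URL are illustrative).
POLICIES = [
    Policy(10, lambda h: "Server" in h, "Server", None),
    Policy(20, lambda h: h["Location"].startswith("http://"), "Location",
           "https://www.example.com/login", goto="END", undef_action="RESET"),
    Policy(30, lambda h: True, "X-Powered-By", None),
]
```

With these policies, a response carrying an http:// Location header stops at priority 20 (END), so the priority 30 action is never collected; a response with no Location header makes the priority 20 rule UNDEFINED and yields its undefAction with no rewrite at all.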

Rewrite Actions

On the Citrix ADC appliance, rewrite actions specify the changes to be made: adding, replacing, or deleting text within the body; adding, modifying, or deleting headers; or changing any part of the TCP payload. For more information about rewrite actions, see Configuring a Rewrite Action.

The following table describes the steps the Citrix ADC can take when a policy evaluates to TRUE.

Action       Result
------       ------
Insert       The rewrite action specified for the policy is carried out.
NOREWRITE    The request or response is not rewritten. Citrix ADC forwards the traffic without rewriting any part of the message.
RESET        The connection is aborted at the TCP level.
DROP         The message is dropped.

Note:

For any policy, you can configure the undefAction (the action to be taken when the policy evaluates to UNDEFINED) as NOREWRITE, RESET, or DROP.

To use the Rewrite feature, take the following steps:

  • Enable the feature on the Citrix ADC.
  • Define rewrite actions.
  • Define rewrite policies.
  • Bind the policies to a bind point to bring a policy into effect.

Enable rewrite

Enable the rewrite feature on the Citrix ADC appliance if you want to rewrite the HTTP or TCP requests or responses. If the feature is enabled, Citrix ADC takes rewrite action according to the specified policies. For more information, see How rewrite works.

To enable the rewrite feature by using the command line interface

At the command prompt, type the following commands to enable the rewrite feature and verify the configuration:

  • enable ns feature REWRITE
  • show ns feature

Example:

> enable ns feature REWRITE
 Done
> show ns feature

        Feature                        Acronym              Status
        -------                        -------              ------
 1)     Web Logging                    WL                   OFF
 2)     Surge Protection               SP                   ON
 .
 .
 .
 1)     Rewrite                        REWRITE              ON
 .
 .
 1)     Citrix ADC Push                push                 OFF
 Done