Instruction manual
Appendix A: Policy Expressions
NetScaler 9000 Series Installation and Configuration Guide - Volume 1 A-9
NSICG60_JAN05
add policy expression not_normal_method "METHOD != GET &&
not_post && METHOD != HEAD"
Example 2
Test true if the request does not have normal headers:
add policy expression no_hdr_host "HEADER Host NOTEXISTS"
add policy expression no_hdr_user_agent "HEADER
User-Agent NOTEXISTS"
add policy expression not_normal_hdrs "no_hdr_host &&
no_hdr_user_agent"
Example 3
Combine the two into an expression that uses both of these compound
expressions
add policy expression bad_request "not_normal_method ||
not_normal_hdrs"
To use this expression with content filtering to deliver a page “400 Bad
Request” with errorcode 400, the following would be added to complete the
configuration:
add filter action bad_reqact errorcode 400 "400 Bad
Request"
add filter policy block_bad_requests -rule "bad_request"
-reqAction bad_reqact
Alternatively, it could be written as follows to avoid creating named
compound expressions:
add filter policy block_bad_requests -rule "(not_get &&
not_post && not_head) || (no_hdr_host &&
no_hdr_user_agent)" -reqAction bad_request
Alternatively, it could be written as follows to avoid creating named
expressions:
add filter policy block_bad_requests -rule "(METHOD !=
GET && METHOD != POST && METHOD != HEAD) || (HEADER Host
NOTEXISTS && HEADER User-Agent NOTEXISTS)" -reqAction
bad_request
To activate this filter policy for all the http requests, it should be bound globally: