Instruction manual
Appendix A: Policy Expressions
NetScaler 9000 Series Installation and Configuration Guide - Volume 1 A-15
NSICG60_JAN05
add filter policy filter_nongetpost –rule "method != get
&& method != post" –reqAction RESET
Policies can also use a combination of named expressions and expression
logic too. One such example is:
add expr http_port "destport == 80"
add expression excel_ppt "RES.HTTP.HEADER Content-Type
CONTAINS application/vnd.ms-excel || RES.HTTP.HEADER
Content-Type CONTAINS application/vnd.ms-powerpoint"
add cmp policy cmppol –rule "(sourceip == 10.102.0.0
–netmask 255.255.0.0 && http_port) || excel_ppt"
–resAction COMPRESS
In above examples, filter policy and compression policies use built-in actions
RESET and COMPRESS.
Expression_logic can be described by below grammar:
<qualifier> := <basic-qualifier>
:= <flow-type>.<protocol>.<basic-qualifier>
<simple-expr> := <non-ip-header-qualifier> <binary-op>
<operand>
:= <non-ip-header-qualifier> <unary-op>
:= <header-qualifier> <header-name> <binary-op>
<operand>
:= <header-qualifier> <header-name> <unary-op>
<simple-expression> := <simple-expr>
:= <simple-expr> -length <length>
:= <simple-expr> -length <length> -offset <offset>
:= <ip-qualifier> <binary-op> <ipaddr>
:= <ip-qualifier> <binary-op> <masked-ipaddr> -netmask
<netmask>
<compound-expression> := <simple-expression>
:= <expression-name>