Docs.Citrix.

com

Responder Action and Policy Examples

http://docs.citrix.com/content/docs/en-us/netscaler/11/appexpert/responder/responder-action-policyexamples.html
Nov. 24, 2014

citrix.com

Responder Action and Policy Examples

Responder actions and policies are powerful and complex, but you can get started with relatively simple applications. For
typical examples, see "Example: Blocking Access from Specified IPs" and "Example: Redirecting a Client to a new URL."

Example: Blocking Access from Specified IPs

The following procedures block access to your protected Web site(s) by clients originating from the CIDR 222.222.0.0/16. The
responder sends an error message stating that the client is not authorized to access the URL requested.

To block access by using the command line interface

At the command prompt, type the following commands to block access:

add responder action act_unauthorized respondwith '"HTTP/1.1 200 OK\r\n\r\n" + "Client: " + CLIENT.IP.
SRC + " is not authorized to access URL:" + "HTTP.REQ.URL.HTTP_URL_SAFE"'
add responder policy pol_un "CLIENT.IP.SRC.IN_SUBNET (222.222.0.0/16)" act_unauthorized
bind responder global pol_un 10

To block access by using the configuration utility

1. In the navigation pane, expand Responder, and then click Actions.
2. In the details pane, click Add.
3. In the Create Responder Action dialog box, do the following:
a. In the Name text box, type act_unauthorized.
b. Under Type, select Respond with.
c. In the Target text area, type the following string: "HTTP/1.1 200 OK\r\n\r\n" + "Client: " +
CLIENT.IP.SRC + " is not authorized to access URL:" + HTTP.REQ.URL.HTTP_URL_SAFE
d. Click Create, and then click Close.
The responder action you configured, named act_unauthorized, now appears in the Responder Actions page.
4. In the navigation pane, click Policies.
5. In the details pane, click Add.
6. In the Create Responder Policy dialog box, do the following:
a. In the Name text box, type pol_unauthorized.
b. Under Action, select act_unauthorized.
c. In the Expression window, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
d. Click Create, then click Close.
The responder policy you configured, named pol_unauthorized, now appears in the Responder Policies page.
7. Globally bind your new policy, pol_unauthorized, as described in "Binding a Responder Policy."

Example: Redirecting a Client to a new URL

The following procedures redirect clients who access your protected Web site(s) from within the CIDR 222.222.0.0/16 to a
specified URL.

To redirect clients by using the command line interface

At the command prompt, type the following commands to redirect clients and verify the configuration:

add responder action act_redirect redirect '"http://www.example.com/404.html"'

show responder action act_redirect
add responder policy pol_redirect "CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)" act_redirect
show responder policy pol_redirect
bind responder global pol_redirect 10
Example
> add responder action act_redirect redirect '" http ://www.example.com/404.html "'
> add responder policy pol_redirect "CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)" act_redirect

To redirect clients by using the configuration utility

1. Navigate to AppExpert > Responder > Actions.
2. In the details pane, click Add.
3. In the Create Responder Action dialog box, do the following:
a.
citrix.com

3.

4.
5.
6.

7.

a. In the Name text box, type act_redirect.

b. Under Type, select Redirect.
c. In the Target text area, type the following string: "http://www.example.com/404.html"
d. Click Create, then click Close.
The responder action you configured, named act_redirect, now appears in the Responder Actions page.
In the navigation pane, click Policies.
In the details pane, click Add.
In the Create Responder Policy dialog box, do the following:
a. In the Name text box, type pol_redirect.
b. Under Action, select act_redirect.
c. In the Expression window, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
d. Click Create, then click Close.
The responder policy you configured, named pol_redirect, now appears in the Responder Policies page.
Globally bind your new policy, pol_redirect, as described in "Binding a Responder Policy."

citrix.com

 1999-2015 Citrix Systems, Inc. All Rights Reserved.

citrix.com