Skip to content

contentInspection policy

The following operations can be performed on "contentInspection policy":

add| rm| set| unset| show| rename| stat

add contentInspection policy

p{white-space: pre-wrap;}

Creates a contentInspection policy, which specifies requests that the Citrix ADC intercepts and executes the specified action.

Synopsys

add contentInspection policy <name> -rule <expression> -action <string> [-undefAction <string>] [-comment <string>] [-logAction <string>]

Arguments

name

Name for the contentInspection policy.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the contentInspection policy is added.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my contentInspection policy" or 'my contentInspection policy').

rule

Expression that the policy uses to determine whether to execute the specified action.

action

Name of the contentInspection action to perform if the request matches this contentInspection policy.

There are also some built-in actions which can be used. These are:

  • NOINSPECTION - Send the request from the client to the server or response from the server to the client without sending it to Inspection device for Content Inspection.

  • RESET - Resets the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.

  • DROP - Drop the request without sending a response to the user.

undefAction

Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment

Any type of information about this contentInspection policy.

logAction

Name of the messagelog action to use for requests that match this policy.

Example

i) add contentInspection policy pol9 -rule "HTTP.REQ.URL.URL_CATEGORIZE(0,0).CATEGORY.EQ(\\"Malware\\")" -action AV_ACTION

rm contentInspection policy

p{white-space: pre-wrap;}

Removes the specified contentInspection policy.

Synopsys

rm contentInspection policy <name>

Arguments

name

Name of the contentInspection policy to remove.

Example

rm contentInspection policy pol9

set contentInspection policy

p{white-space: pre-wrap;}

Modifies the rule, action or comment portion of the specified contentInspection policy.

Synopsys

set contentInspection policy <name> [-rule <expression>] [-action <string>] [-undefAction <string>] [-comment <string>] [-logAction <string>]

Arguments

name

Name of the contentInspection policy.

rule

Expression that the policy uses to determine whether to execute the specified action.

action

Name of the contentInspection action to perform if the request matches this contentInspection policy.

There are also some built-in actions which can be used. These are:

  • NOINSPECTION - Send the request from the client to the server or response from the server to the client without sending it to Inspection device for Content Inspection.

  • RESET - Resets the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired.

  • DROP - Drop the request without sending a response to the user.

undefAction

Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used.

comment

Any type of information about this contentInspection policy.

logAction

Name of the messagelog action to use for requests that match this policy.

Example

set contentInspection policy pol9 -rule "HTTP.REQ.HEADER(\\"header\\").CONTAINS(\\"qh2\\")"

unset contentInspection policy

p{white-space: pre-wrap;}

Removes the settings of an existing contentInspection policy. Attributes for which a default value is available revert to their default values. See the set contentInspection policy command for descriptions of the parameters..Refer to the set contentInspection policy command for meanings of the arguments.

Synopsys

unset contentInspection policy <name> [-undefAction] [-comment] [-logAction]

Example

unset contentInspection policy pol9 -undefAction

show contentInspection policy

p{white-space: pre-wrap;}

Displays the current settings for the specified contentInspection policy. If no policy name is specified, displays a list of all contentInspection policies currently configured on the Citrix ADC, with abbreviated settings.

Synopsys

show contentInspection policy [<name>] show contentInspection policy stats - alias for 'stat contentInspection policy'

Arguments

name

Name of the contentInspection policy for which to display settings.

Outputs

stateflag

rule

Rule of the policy.

action

CI action associated with the policy.

undefAction

UNDEF action associated with the policy.

hits

Number of hits.

undefHits

Number of policy UNDEF hits.

activePolicy

Indicates whether policy is bound or not.

boundTo

Location where policy is bound

priority

Specifies the priority of the policy.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

comment

Any type of information about this contentInspection policy.

logAction

Name of the messagelog action to use for requests that match this policy.

bindPolicyType

vserverType

builtin

Flag to determine if contentInspection policy is built-in or not

feature

The feature to be checked while applying this config

type

devno

count

Example

show contentInspection policy

rename contentInspection policy

p{white-space: pre-wrap;}

Renames the specified contentInspection policy.

Synopsys

rename contentInspection policy <name>@ <newName>@

Arguments

name

Existing name of the contentInspection policy.

newName

New name for the contentInspection policy. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my contentInspection policy" or 'my contentInspection policy').

Example

rename contentInspection policy oldname newname

stat contentInspection policy

p{white-space: pre-wrap;}

Displays statistics for all contentInspection policies currently configured on the Citrix ADC, or detailed statistics for the specified policy.

Synopsys

stat contentInspection policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

Arguments

name

Name of the contentInspection policy for which to show detailed statistics.

detail

Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues

Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes

The number of times, in intervals of seven seconds, the statistics should be displayed.

Default value: 1

Minimum value: 0

logFile

The name of the log file to be used as input.

clearstats

Clear the statsistics / counters

Possible values: basic, full

Outputs

count

devno

stateflag

Outputs

Policy hits (Hits)

Number of hits on the policy

Policy undef hits (Undefhits)

Number of undef hits on the policy