Let us start with a question: what is an Expression? All of us who use NetScaler are familiar with this term, aren't we? In simple words, an Expression is a logical token which is used inside policies and actions. When we launched the advanced policy infrastructure called “AppExpert”, our focus was to make the Expression language powerful enough that the whole logic can be defined through expressions. We invented the new expression language without realizing how useful it would be for various unforeseen use cases.
Every expression you define has a specific meaning and value in the context where it is used. An expression can refer to a portion of the HTTP request in an action, while the same expression in Boolean form can construct the rule of a policy. As you start getting involved with the AppExpert infrastructure, you will need to live with Expressions :). While the discussion around expressions and their usage could be endless, in this blog we will focus on a single expression which can help resolve multiple use cases.
The focus here is on the “FULL_HEADER” aspect of this expression. This simple expression enables several use cases which are either not doable without it or would require extensive configuration to achieve the same results. Let us go over a couple of core use cases.
Length or Size of header
If you want to control the total size of the HTTP header you expect to receive in a request or response, you can use the following expression.
The above expression returns the total length of the HTTP header in the request, and you can use methods like EQ, LT, GT or NE to compare it, which produces the Boolean result the policy needs. It would be extremely difficult to calculate the whole header length without this expression.
Replace in header name
Many times you want to operate on header names rather than values. To operate on header names you need to use the FULL_HEADER expression. For example, the following expression would return the “Host” header name in the HTTP request, and you can use it in a rewrite action to replace or alter its content.
We are using “\r\n” inside SUBSTR to ensure that it matches a header name only. Every header is preceded by a “\r\n” per HTTP semantics. There is no expression which acts on an HTTP header name directly.
Multiple changes in single action
Let us say you know the unsafe headers which should not go to the backend servers or applications. It is a pretty simple operation: you just need to delete those headers one after another. But if the list of headers is long, you will have to configure that many actions and policies to do this job. With the FULL_HEADER expression you can delete multiple headers in a single action.
add rewrite action delete-headers delete_all 'HTTP.REQ.FULL_HEADER' -search regex(re/(?iU)(Hdr1|Hdr2|Hdr3):.*\r\n/)
With this single action you can remove the headers Hdr1, Hdr2 and Hdr3 in a single pass. It is simple to extend this use case by adding more headers to the list.
In the previous use case, if you only had a list of known good headers which can be allowed and everything else needs to be blocked… it becomes tricky, doesn't it? You will have heard about IP blacklisting far more often than header whitelisting, but there are specific use cases where the server or application expects only a defined list of headers in the HTTP request. This requires us to walk over all the HTTP headers received and ensure that only the expected headers are allowed to go to the servers and everything else is removed. Here is an example rewrite action:
add rewrite action whitelist_headers replace_all 'HTTP.REQ.FULL_HEADER.AFTER_STR("\r\n")' 'TARGET.REGEX_SELECT(re/(?iU)^(Host|Accept|Date):.*\r\n/) ALT ""' -search regex(re/(?U).+:.+\r\n/)
The above action replaces the whole HTTP header list with only the 3 headers (Host, Accept and Date) given in the expression. It picks up the complete list and replaces it with these 3 from the same list, ensuring that no other header passes through to the server. This is another of those cases which cannot be achieved without this specific expression, as there can be any number of user-defined headers which are not commonly known.
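To check the regex logic of the two rewrite actions above before putting them on an appliance, here is an added example (not part of the original post) that emulates delete_all and the whitelist replace_all over a header block in Python. It assumes Python's re module as a stand-in for the appliance's regex engine, writes PCRE's (?U) as lazy quantifiers, uses constructed sample headers, and DENY_ANCHORED is a hypothetical variant that is not from the post.

```python
import re

# Constructed sample header block: the lines after the request line,
# which is what FULL_HEADER.AFTER_STR("\r\n") selects.
SAMPLE = (
    "Host: app.example.com\r\n"
    "Accept: */*\r\n"
    "X-Hdr1: keep-me\r\n"
    "Hdr2: drop-me\r\n"
    "X-Debug: 1\r\n"
    "Date: Tue, 01 Jan 2030 00:00:00 GMT\r\n"
)

# Deny pattern from the delete_all action; PCRE (?U) becomes lazy ".*?".
DENY_PAGE = re.compile(r"(?i)(Hdr1|Hdr2|Hdr3):.*?\r\n")
# Hypothetical variant (not from the post): match only at the start of a line.
DENY_ANCHORED = re.compile(r"(?im)^(Hdr1|Hdr2|Hdr3):.*?\r\n")

# Patterns from the whitelist action, same (?U) translation.
SEARCH = re.compile(r".+?:.+?\r\n")
SELECT = re.compile(r"(?i)^(Host|Accept|Date):.*?\r\n")


def delete_all(headers, pattern):
    """Emulate delete_all: remove every match from the header block."""
    return pattern.sub("", headers)


def allowlist(headers):
    """Emulate replace_all: each header line becomes itself or ALT ""."""
    def keep_or_drop(match):
        selected = SELECT.match(match.group(0))
        return selected.group(0) if selected else ""
    return SEARCH.sub(keep_or_drop, headers)


if __name__ == "__main__":
    for name, out in [
        ("deny, pattern as posted", delete_all(SAMPLE, DENY_PAGE)),
        ("deny, anchored variant", delete_all(SAMPLE, DENY_ANCHORED)),
        ("allowlist", allowlist(SAMPLE)),
    ]:
        print(f"--- {name}\n{out}", end="")
```

On this sample the deny pattern as posted also matches inside X-Hdr1, leaving a stray "X-" fused onto the next header name, while the anchored variant removes only Hdr2. The allowlist emulation keeps Host, Accept and Date and drops the rest.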
I am sure you have started liking this specific expression now 🙂
AppExpert is full of such useful expressions and tokens which can make our life easy…