Those of us who work with Citrix ADC every day know what it can do. Some people use it only to load balance web servers internally, while others might use the global server load balancing feature to load balance across the whole world. There’s the content switching feature, which, when paired with the rewrite and responder feature, allows for more extensive customization of the Layer 7 content that is being requested and served.

These typically use policies with expressions such as “HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\”language\”)”.

But what if we want go beyond Citrix ADC’s out-of-the-box functionality? That’s when we have to transform ourselves into advanced ADC admins.

How?

The secret is an LUA script.

In this blog post, I’m going to take you through a scenario that’s based on a real customer request. For this example, I’ll assume you know basic programming and are comfortable going through ADC logs. I’ll also assume you know how to create a virtual server and offload LDAP authentication to the ADC. (Click here for more information.)

If you’re familiar with ADC expressions, you know there’s one that allows you to see which AD Groups the user belongs (to fine-tune Citrix ADC policies to each group): HTTP.REQ.USER.GROUPS. In this scenario, our customer created a rewrite action to insert a header in an HTTP request with the groups the user belongs to. The query was “How can I filter the header information to send only the groups which are needed to the backend”.

There’s no such out-of-the-box function on Citrix ADC. Because the customer has Priority entitlement, they can access our most experienced engineering experts (one of them is me 😊). To support the requirement, I wrote this script:

function NSTEXT : GROUP_F (pattern : NSTEXT) : NSTEXT
    local    input    =    self
    local    out =    ""
    local    s    =     ""
for word in input:gmatch("[^,]+") do
  if word:sub(1,#pattern )== pattern  then
  s= s .. word .. ","
  end
end

out = s:sub(1, -2)
    return    out
end

This script will get a pattern as input and will filter all inputs that don’t begin with that pattern. For example:

Input: "ag_group1,ag_group2,ag_group3,other_group,other_group2"
Pattern: ag_
Output: "ag_group1,ag_group2,ag_group3 "

The last bit removes the last comma.

After testing it on a LUA compiler like this one, we tested it. Here’s how:

1) Open the ADC GUI. Go to Configuration -> AppExpert -> Policy Extensions and press “Getting Started”

2) Select “Create a new Policy Extension” and give it a name (in my case, GROUP_F):

3) You can use the assistant to create the basic function header:

4) Paste the code from above and save:

5) Now, you’re ready to use your custom made function.

6) Now we can create our policy using the “Expression Editor” (you might need to reboot to have the function appear here):

You can find out the return type of any function by manually typing on the Expression box:

And there you go! You’ve just created your first Citrix ADC LUA script.

For those reading this that are used to programming, you might be wondering, “How would you debug this?” You can use the logging procedure found here. For me, the easiest way was to use a “Log Action” on your policy. Then you can grep /var/log/ns.log for your log reference (see below). When using a “Log Action,” don’t forget to enable “User Configurable Log Messages” under the syslog parameters (System -> Auditing -> Change Auditing Syslog Settings).

Adding the Log Action:

Enabling our log messages to appear on /var/log/ns.log:

My Log Action – grep reference is “PEDRO LUA DEBUG”:

Example Output (click image to see a larger version):

In our product documentation, you can learn more about Citrix ADC extensions and see examples, including how to add MQTT protocol by using the ADC extensions. And please let us know in the comments below what else you’d use Citrix ADC extensions for!


Citrix Tech Bytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.

Click here for more Tech Bytes and subscribe.

Want specific Tech Bytes? Let us know! tech-content-feedback@citrix.com.