|
|
|
Use this method to creates a rewrite action, which specifies exactly what modifications to make to a request or response before forwarding that request or response to the protected web server or to the user.
In addition to user-defined actions, the rewrite feature has the following three built-in actions:
* NOREWRITE - Sends the request or response to the user without rewriting it.
* RESET - Resets the connection and notifies the user's browser, so that the user can resend the request.
* DROP - Drops the connection without sending a response to the user.
One of the following three flow types is implicitly associated with every action:
* Request - Action applies to the request.
* Response - Action applies to the response.
* Neutral - Action applies to both requests and responses. |
|
Syntax |
|
|
|
|
|
Parameters |
|
name |
|
Name for the user-defined rewrite action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Can be changed after the rewrite policy is added.
The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my rewrite action" or 'my rewrite action').
This is mandatory parameter. |
|
type |
|
Type of user-defined rewrite action. The information that you provide for, and the effect of, each type are as follows::
* REPLACE . Replaces the string with the string-builder expression.
* REPLACE_ALL -search . In the request or response specified by , replaces all occurrences of the string defined by with the string defined by .
* REPLACE_HTTP_RES . Replaces the complete HTTP response with the string defined by the string-builder expression.
* REPLACE_SIP_RES - Replaces the complete SIP response with the string specified by .
* INSERT_HTTP_HEADER . Inserts the HTTP header specified by and header contents specified by .
* DELETE_HTTP_HEADER . Deletes the HTTP header specified by .
* CORRUPT_HTTP_HEADER . Replaces the header name of all occurrences of the HTTP header specified by with a corrupted name, so that it will not be recognized by the receiver Example: MY_HEADER is changed to MHEY_ADER.
* INSERT_BEFORE . Finds the string specified in and inserts the string in before it.
* INSERT_BEFORE_ALL -search . In the request or response specified by , locates all occurrences of the string specified in and inserts the string specified in before each.
* INSERT_AFTER . Finds the string specified in , and inserts the string specified in after it.
* INSERT_AFTER_ALL -search . In the request or response specified by , locates all occurrences of the string specified by and inserts the string specified by after each.
* DELETE . Finds and deletes the specified target.
* DELETE_ALL -search . In the request or response specified by , locates and deletes all occurrences of the string specified by .
* REPLACE_DIAMETER_HEADER_FIELD . In the request or response modify the header field specified by . Use Diameter.req.flags.SET() or Diameter.req.flags.UNSET as 'stringbuilderexpression' to set or unset flags.
* REPLACE_DNS_HEADER_FIELD . In the request or response modify the header field specified by .
* REPLACE_DNS_ANSWER_SECTION . Replace the DNS answer section in the response. This is currently applicable for A and AAAA records only. Use DNS.NEW_RRSET_A & DNS.NEW_RRSET_AAAA expressions to configure the new answer section.
* REPLACE_MQTT : Replace MQTT message fields specified in to the value specified in
* INSERT_MQTT : Insert the string_builder_expr to an appropriate packet field in the MQTT message.
* INSERT_AFTER_MQTT : Insert a topic specified in in the MQTT Subscribe or Unsubscribe message after the specified target_expr.
* INSERT_BEFORE_MQTT : Insert a topic specified in in the MQTT Subscribe or Unsubscribe message before the specified target_expr.
* DELETE_MQTT : Deletes the specified target in the MQTT message.
This is mandatory parameter. |
|
target |
|
Expression that specifies which part of the request or response to rewrite.
This is mandatory parameter. |
|
stringbuilderexpr |
|
Expression that specifies the content to insert into the request or response at the specified location, or that replaces the specified string. |
|
search |
|
Search facility that is used to match multiple strings in the request or response. Used in the INSERT_BEFORE_ALL, INSERT_AFTER_ALL, REPLACE_ALL, and DELETE_ALL action types. The following search types are supported:
* Text ("text(string)") - A literal string. Example: -search text("hello")
* Regular expression ("regex(reregular exp)") - Pattern that is used to match multiple strings in the request or response. The pattern may be a PCRE-format regular expression with a delimiter that consists of any printable ASCII non-alphanumeric character except for the underscore (_) and space ( ) that is not otherwise used in the expression. Example: -search regex(re~^hello*~) The preceding regular expression can use the tilde (~) as the delimiter because that character does not appear in the regular expression itself.
* XPath ("xpath(xpxpath expression)") - An XPath expression to search XML. The delimiter has the same rules as for regex. Example: -search xpath(xp%/a/b%)
* JSON ("xpath_json(xpxpath expression)") - An XPath expression to search JSON. The delimiter has the same rules as for regex. Example: -search xpath_json(xp%/a/b%)
NOTE: JSON searches use the same syntax as XPath searches, but operate on JSON files instead of standard XML files.
* HTML ("xpath_html(xpxpath expression)") - An XPath expression to search HTML. The delimiter has the same rules as for regex. Example: -search xpath_html(xp%/html/body%)
NOTE: HTML searches use the same syntax as XPath searches, but operate on HTML files instead of standard XML files; HTML 5 rules for the file syntax are used; HTML 4 and later are supported.
* Patset ("patset(patset)") - A predefined pattern set. Example: -search patset("patset1").
* Datset ("dataset(dataset)") - A predefined dataset. Example: -search dataset("dataset1").
* AVP ("avp(avp number)") - AVP number that is used to match multiple AVPs in a Diameter/Radius Message. Example: -search avp(999)
Note: for all these the TARGET prefix can be used in the replacement expression to specify the text that was selected by the -search parameter, optionally adjusted by the -refineSearch parameter.
Example: TARGET.BEFORE_STR(",") |
|
refinesearch |
|
Specify additional criteria to refine the results of the search.
Always starts with the "extend(m,n)" operation, where 'm' specifies number of bytes to the left of selected data and 'n' specifies number of bytes to the right of selected data to extend the selected area.
You can use refineSearch only on body expressions, and for the INSERT_BEFORE_ALL, INSERT_AFTER_ALL, REPLACE_ALL, and DELETE_ALL action types.
Example: -refineSearch 'EXTEND(10, 20).REGEX_SELECT(re~0x[0-9a-zA-Z]+~). |
|
comment |
|
Comment. Can be used to preserve information about this rewrite action. |
|
Return Value |
|
|
|
See Also |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|