NetScaler Block URLs

When deploying a NetScaler virtual load balancer to provide reverse proxy access to a web servers, you may have a requirement to block certain URLs being accessed.For example:

www.mycompany.com/useradmin

www.mycompany.com/private

This can be achieved using the Rewrite and Pattern Sets.

The following example will create a Pattern Set for the URLs that will be denied to users and a Rewrite Policy that will redirect the user back to www.mycompany.com

add policy patset pattern_deny_url_set

bind policy patset pattern_deny_url_set private -index 2 -charset ASCII

bind policy patset pattern_deny_url_set useradmin -index 1 -charset ASCII

add rewrite action rw_url_deny_act replace HTTP.REQ.URL.PATH_AND_QUERY “\”/\””

add rewrite policy rw_deny_url_pol “HTTP.REQ.URL.PATH.GET(1).TO_LOWER.EQUALS_ANY(\”pattern_deny_url_set\”)” rw_url_deny_act

Now bind the new rewrite policy to the required load balancing virtual server to enforce the blocked URLs.

2 Comments

  1. Skip says:

    Hi great write up
    quick question can you go deeper

    as in http://www.mycompany.com/private/admin

    But still allow access to the private

  2. You can achieve this by modifying the rewrite policy expression to use HTTP.REQ.URL.PATH.GET(2).

Leave a Reply

Contact Deptive

Location
Plaza Level (Regus)
41 Shortland Street
Auckland
We also have a virtual office in Wellington.

Contact Details
info@deptive.co.nz
0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746