NetScaler Block URLs

When deploying a NetScaler virtual load balancer to provide reverse proxy access to a web servers, you may have a requirement to block certain URLs being accessed.For example:

This can be achieved using the Rewrite and Pattern Sets.

The following example will create a Pattern Set for the URLs that will be denied to users and a Rewrite Policy that will redirect the user back to

add policy patset pattern_deny_url_set

bind policy patset pattern_deny_url_set private -index 2 -charset ASCII

bind policy patset pattern_deny_url_set useradmin -index 1 -charset ASCII

add rewrite action rw_url_deny_act replace HTTP.REQ.URL.PATH_AND_QUERY “\”/\””

add rewrite policy rw_deny_url_pol “HTTP.REQ.URL.PATH.GET(1).TO_LOWER.EQUALS_ANY(\”pattern_deny_url_set\”)” rw_url_deny_act

Now bind the new rewrite policy to the required load balancing virtual server to enforce the blocked URLs.


  1. Skip says:

    Hi great write up
    quick question can you go deeper

    as in

    But still allow access to the private

  2. You can achieve this by modifying the rewrite policy expression to use HTTP.REQ.URL.PATH.GET(2).

Leave a Reply

Contact Deptive

Deptive - Commercial Bay
11-19 Customs Street West St
Commercial Bay Tower, Level 17, Room 1715
Auckland 1010
We also have a virtual office in Wellington.

Contact Details

0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746