NetScaler Block URLs

When deploying a NetScaler virtual load balancer to provide reverse proxy access to a web servers, you may have a requirement to block certain URLs being accessed.For example:

www.mycompany.com/useradmin

www.mycompany.com/private

This can be achieved using the Rewrite and Pattern Sets.

The following example will create a Pattern Set for the URLs that will be denied to users and a Rewrite Policy that will redirect the user back to www.mycompany.com

add policy patset pattern_deny_url_set

bind policy patset pattern_deny_url_set private -index 2 -charset ASCII

bind policy patset pattern_deny_url_set useradmin -index 1 -charset ASCII

add rewrite action rw_url_deny_act replace HTTP.REQ.URL.PATH_AND_QUERY “\”/\””

add rewrite policy rw_deny_url_pol “HTTP.REQ.URL.PATH.GET(1).TO_LOWER.EQUALS_ANY(\”pattern_deny_url_set\”)” rw_url_deny_act

Now bind the new rewrite policy to the required load balancing virtual server to enforce the blocked URLs.

2 Comments

  1. Skip says:
    October 9, 2014 at 10:01 pm

    Hi great write up
    quick question can you go deeper

    as in http://www.mycompany.com/private/admin

    But still allow access to the private

    Reply
  2. Daniel Almond says:
    October 13, 2014 at 11:56 pm

    You can achieve this by modifying the rewrite policy expression to use HTTP.REQ.URL.PATH.GET(2).

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Deptive

Location
Level 13 (Regus)
92 Albert St
Auckland
We also have a virtual office in Wellington.

Contact Details

0800 000 141

Postal Address
PO Box 34797,
Birkenhead, Auckland 0746