Rewrite Deployment Guide

A Step-by-Step Technical Guide

Notice:

The information in this publication is subject to change without notice.

THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. CITRIX SYSTEMS, INC. (“CITRIX”), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.

This publication contains information protected by copyright. Except for internal distribution, no part of this publication may be photocopied or reproduced in any form without prior written consent from Citrix.

The exclusive warranty for Citrix products, if any, is stated in the product documentation accompanying such products. Citrix does not warrant products other than its own.

Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.

Copyright © 2008 Citrix Systems, Inc., 851 West Cypress Creek Road, Ft. Lauderdale, Florida 33309-2009 U.S.A. All rights reserved.

Table of Contents

Introduction
Solution Requirements
Prerequisites
Network Diagram
First time connectivity
    Serial Connection
    Ethernet Connection
NetScaler Configuration
    Deployment Model: NetScaler High Availability, Two-Arm Mode, Rewrite
About Rewrite
    Basic Information
    Enabling Rewrite
    The Rewrite Process
    Important Policy Behavior - Policy Engine (PE)
    Bind Points
Application Profiling
    Taking a trace
    Taking a trace with wireshark
    Taking a trace with the Citrix Application Switch
    Viewing headers with Paros
    Viewing headers with Live HTTP Headers
    Viewing headers with IE Analyzer
    Viewing headers with IE Watch
Configuring Rewrite
    Create Rewrite Action
    Create Rewrite Policy
    Create Rewrite Bind Point
Appendix A - NetScaler Application Switch Configuration

Introduction

Citrix® NetScaler® optimizes the delivery of web applications, increasing security and improving performance and Web server capacity. This approach ensures the best total cost of ownership (TCO), security, availability, and performance for Web applications. The Citrix NetScaler solution is a comprehensive network system that combines high-speed load balancing and content switching with state-of-the-art application acceleration, layer 4-7 traffic management, data compression, dynamic content caching, SSL acceleration, network optimization, and robust application security into a single, tightly integrated solution. Deployed in front of application servers, the system significantly reduces processing overhead on application and database servers, reducing hardware and bandwidth costs.

The Application Switch Rewrite feature is a general-purpose HTTP header and body modification utility. It allows you to add HTTP headers to an HTTP request or response, make modifications to individual HTTP headers, and delete HTTP headers. It also gives you control over modifying the HTTP body in requests and responses.

This deployment guide was created as the result of validation testing with the Oracle Enterprise Business Suite v12 application. This deployment guide walks through the step-by-step configuration details of how to configure the Citrix NetScaler application switch for Rewrite and some of the considerations necessary for integration with Oracle EBSv12.

Solution Requirements

Application Delivery Front-End

Request Rewrite

Response Rewrite

Oracle E-Business Suite v12

Prerequisites

Citrix NetScaler L4/7 Application Switch, running version 8.0+ (Quantity x 1 for single deployment, Quantity x 2 for HA deployment).

Layer 2/3 switch, w/support for 802.1q VLANs, (Quantity x 1)

Client laptop/workstation running Internet Explorer 6.0+, Ethernet port

9-pin serial cable -or- USB-to-serial cable

NOTE: The policies in this guide are based on the Policy Engine (PE) architecture in NetScaler version 8.0. The policies for NetScaler version 9.0+ use the Policy Infrastructure (PI) architecture, which differs in syntax and methodology. Policy Infrastructure is not discussed in this guide.

Network Diagram

The following is the network that was used to develop this deployment guide, and is representative of a solution implemented at a customer site.

[Figure: Network Diagram. Labels recoverable from the figure:]

VLAN legend: VLAN 1, VLAN 10, VLAN 11
Primary NetScaler IP address: NSIP 10.217.104.51 / 24
Secondary NetScaler IP address: NSIP 10.217.104.52 / 24
Shared IP addresses (Primary/Secondary NetScaler): VIP 67.97.253.91 / 29, VIP 67.97.253.92 / 29
MIP: 67.97.253.84 / 29
SNIP: 10.217.104.54 / 24
VLAN 1 (Mgmt): Interface 0/1, untagged
VLAN 10: Interface 1/2, untagged
VLAN 11: Interface 1/5, untagged
Device and link labels: Admin, Global Internet, Citrix NetScaler®, Oracle Application Server, Oracle Database Server, Int0/1, Int1/2, Int1/5, Http, Https
URLs: http://accel91.citrix.com, https://accel91.citrix.com
Addresses: 169.145.91.81, 169.145.91.82
Subnets: 169.145.91.80/29, 169.145.91.88/29

First time connectivity

Serial: 9600, n, 8, 1
Default IP Address: 192.168.100.1

Serial Connection

The NetScaler can be accessed by the serial port through any terminal emulation program. Windows HyperTerminal is commonly used on a laptop or workstation. Connect a 9-pin null modem cable (or USB-to-9-pin cable) from the computer to the NetScaler’s console port. In the terminal emulation program, configure the settings for 9600 baud, no parity, 8 data bits, and 1 stop bit (9600, n, 8, 1). The login prompt should appear. The default login is nsroot, nsroot. It is advisable to change the nsroot password once connected.

Once connected type in the CLI command ‘configns’ (‘nsconfig’ if at the shell prompt). Select option 1 to change the NetScaler IP Address and Network Mask. Exit, save and reboot.

Ethernet Connection

The NetScaler can also be accessed by the default IP Address of 192.168.100.1, either through an http, https, telnet or ssh connection. Once connected, the login prompt should appear. The default login is nsroot, nsroot. It is advisable to change the nsroot password once connected.

Type in the CLI command ‘configns’ (‘nsconfig’ if at the shell prompt). Select option 1 to change the NetScaler IP Address and Network Mask. Exit, save and reboot.

Note: Changing the NetScaler IP Address always requires a reboot.

NetScaler Configuration

Deployment Model: NetScaler High Availability, Two-Arm Mode, Rewrite.

The NetScalers in this example assume a high availability pair configuration, in two-arm mode. All configuration changes will be made on the Primary NetScaler and will be propagated to the Secondary NetScaler. The NetScalers in Two-Arm mode provide the utmost in site performance, as the NetScaler evaluates rewrite policies for requests and responses.

Connect to the NetScaler via the NSIP using a web browser. In this example:
NS1: http://10.217.104.51
NS2: http://10.217.104.52

Note: Java will be installed.

Default login is: nsroot, nsroot.

About Rewrite

Basic Information

The Application Switch Rewrite feature is a general-purpose HTTP header and body modification utility. It allows you to add HTTP headers to an HTTP request or response, make modifications to individual HTTP headers, and delete HTTP headers. It also gives you control over modifying the HTTP body in requests and responses.

HTTP headers control the behavior of the web server and browser. Headers tell the web server what type of browser the user is using, so that the server can send the appropriate type of content.

Headers also control browser caching of server content. They allow tracking of user sessions and per-user customization of content. Headers can support language and character-set negotiations.

The data section of a request or response contains the information to be transmitted. Requests often do not contain a data section, but if there is a data section, it will contain information entered into a web form. In responses, the data section contains text and images that will appear in the browser.

When the Application Switch receives a request or sends a response, it checks for Rewrite rules, and if applicable rules exist, it applies them to the request or response before passing it on to the web server or client.

A Rewrite command can be used to perform the following tasks:

Modify the URL of a request. You can change the URL for requests.

Insert or Delete an HTTP header. You can insert HTTP headers into both requests and responses, and delete HTTP headers from both requests and responses.

Replace any string. You can replace any string with any other string.

Insert a string before or after any other string. You can locate any HTML or text string, and insert any other string either before or after it. This allows you to add data to specific HTTP headers.

Delete any string. You can delete any string within the HTTP headers.

The Installation and Configuration Guide, Volume 1 (NS_ICG_V1.pdf) provides more detail surrounding Rewrite configuration and should be used as another reference.

Enabling Rewrite

The NetScaler should have the appropriate license installed to enable Rewrite.

Navigate to System > Settings > Basic Features. Select Rewrite and click OK.

The Rewrite Process

The Rewrite feature can modify Requests (ex: the first message below, red in the original) before they reach the application servers and Responses (ex: the second message below, blue in the original) before they reach the client.

Request:

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: accel82.citrix.com:8000
Connection: Keep-Alive
Cookie: oracle.uix=0^^GMT-7:00^p

Response:

HTTP/1.1 200 OK
Date: Fri, 18 Apr 2008 23:08:42 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Sat, 05 Apr 2008 21:21:11 GMT
ETag: "2c4644-516-47f7ed47"
Accept-Ranges: bytes
Content-Length: 1302
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html

Rewrite Process Illustrated

Requests

1) Browser Request. The client’s browser sends a request to the web server via the Application Switch.

2) Check for Policies. The Application Switch checks the request time policy bank for applicable policies.

3) Evaluation. The Application Switch builds a set of actions to apply to the request after evaluating the list of prioritized policies.

4) Request Rewrite. The Application Switch rewrites the request and forwards it to the web server.

Responses

5) Server Response. The Web Server receives the request, and sends a response.

6) Check for Policies. The Application Switch checks the response time policy bank for applicable policies.

7) Evaluation. The Application Switch builds a set of actions to apply to the response after evaluating the list of prioritized policies.

8) Response Rewrite. The Application Switch rewrites the response and forwards it to the client’s browser.


Important Policy Behavior - Policy Engine (PE)

Rewrite policies are evaluated in order of their priority numbers. When a user’s browser sends a request to your web server, the Application Switch checks the request time policy bank. If it finds Rewrite policies, it evaluates each policy in order of priority, starting with the lowest number and proceeding to the highest number.

The priority assigned to a policy is a positive integer. The policy with the lowest integer priority is evaluated first. The Application Switch then moves to the policy with the next-lowest integer priority and evaluates it. It repeats this process until it has evaluated all policies.

Each policy consists of an expression that should evaluate to True or False.

When the Application Switch sees a True value, it extracts the action associated with the policy, and places it on the list of actions to perform on the current request or response.

It then evaluates the gotoExpr, an expression that evaluates as any one of the following values:

An integer equal to an existing policy priority. If the gotoExpr evaluates as an integer that equals the priority assigned to an existing bound policy, and that priority number is higher than the priority number of the current policy, the Application Switch goes directly to that policy, skipping over any policies with priorities between that of the current policy and the policy defined by gotoExpr.

Note: The lower the priority number assigned to a policy, the higher the priority.

NEXT. If the gotoExpr evaluates as the string NEXT, the Application Switch proceeds to the next policy in the priority ranking.

END. If the gotoExpr evaluates as the string END, the Application Switch terminates policy evaluation and proceeds directly to applying the existing list of actions to the request or response HTTP headers.

Undefined. A gotoExpr evaluates as Undefined if there is an error in the expression used in the policy rule, or if it evaluates as an integer which does not match the priority of any bound policy, or if it evaluates as a number lower than the priority assigned to the current policy. When a policy evaluates as Undefined, either the policy-specific or the global undefAction is triggered. The undefAction is the action performed when the Application Switch detects an error in the Rewrite process. It can be set to either of the following two values:

NOREWRITE. If the undefAction is set to NOREWRITE, the Application Switch aborts the Rewrite process entirely and forwards the request or response without performing any actions it may have on its list.

RESET. If the undefAction is set to RESET, the Application Switch resets the connection between the client and the web server.

When the web server sends a response, the Application Switch goes through the same process, with minor changes. It checks the response time policy bank rather than the request time policy bank for applicable policies.


NOTE: Priorities are specific to the bind point they are assigned to. For example, a request rewrite policy can have a priority of 10 bound to a Load Balancing VIP, while a response rewrite policy can also have a priority of 10 if it is bound to a content switching VIP.

Actions cannot depend upon the results of other actions. For example, suppose you define one action to add a Cache-Control header to the request, and a second action that looks for that Cache-Control header to modify it. The second action will not be performed, because it will be unable to find the Cache-Control header in the original, unmodified request.

A single HTTP header should not be modified by multiple actions. While you can configure multiple actions to modify the same HTTP header, the Application Switch performs each action on the unmodified request headers. Therefore, the behavior of the Rewrite feature is undefined for multiple modifications to the same text, and the results will probably not be what you expected when you defined the actions.
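The evaluation order, gotoExpr handling and undefAction described above can be modelled in a short Python sketch. This is an added illustration, not NetScaler code and not part of the original guide: the Binding class, the function names, the dictionary model of a request (one value per name, with VERSION.MINOR kept in the same dictionary) and the rule that a False policy falls through to the next priority are assumptions. The bank mirrors the REQ_OVERRIDE bindings in Appendix A.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple, Union

Headers = Dict[str, str]
Action = Tuple[str, str, str]          # (type, target name, value)


@dataclass
class Binding:
    priority: int                      # lower number is evaluated first
    rule: Callable[[Headers], bool]    # policy expression: True or False
    action: Action
    goto: Union[int, str]              # a bound priority, "NEXT" or "END"


def evaluate(bindings: List[Binding], headers: Headers,
             undef_action: str = "NOREWRITE") -> Tuple[str, List[Action]]:
    """Walk one policy bank and return (outcome, actions to perform)."""
    bank = sorted(bindings, key=lambda b: b.priority)
    index = {b.priority: i for i, b in enumerate(bank)}
    actions: List[Action] = []
    i = 0
    while i < len(bank):
        cur = bank[i]
        try:
            matched = cur.rule(headers)
        except Exception:              # error in the policy expression
            return undef_action, []    # Undefined: the action list is dropped
        if not matched:                # assumption: False falls through
            i += 1
            continue
        actions.append(cur.action)
        if cur.goto == "END":
            break
        if cur.goto == "NEXT":
            i += 1
        elif cur.goto in index and cur.goto > cur.priority:
            i = index[cur.goto]        # skip the policies in between
        else:                          # unbound, lower or same priority
            return undef_action, []
    return "APPLY", actions


def apply(headers: Headers, actions: List[Action]) -> Headers:
    """Perform every action against the original, unmodified request."""
    out = dict(headers)
    for kind, name, value in actions:
        if kind == "insert":
            out[name] = value
        elif kind == "replace" and name in headers:   # original, not out
            out[name] = value
        elif kind == "delete" and name in headers:
            out.pop(name, None)
    return out


def host_is(name: str) -> Callable[[Headers], bool]:
    # Raises KeyError when there is no Host header: an expression error.
    return lambda h: h["Host"] == name


VIP = "accel91.citrix.com"
# Priorities and goto values as bound in Appendix A (REQ_OVERRIDE).
REQ_OVERRIDE = [
    Binding(10, host_is(VIP), ("replace", "Host", "accel82.citrix.com"), 20),
    Binding(20, host_is(VIP), ("replace", "VERSION.MINOR", "0"), 30),
    Binding(30, host_is(VIP), ("delete", "TE", ""), 40),
    Binding(40, host_is(VIP), ("insert", "Connection", "Keep-Alive"), "END"),
]

if __name__ == "__main__":
    # Constructed request, not a capture from the guide.
    req = {"VERSION.MINOR": "1", "Host": VIP, "TE": "chunked"}
    outcome, acts = evaluate(REQ_OVERRIDE, req)
    print(outcome, apply(req, acts))
    # A goto that names a priority with no bound policy is Undefined.
    dangling = [Binding(100, lambda h: True, ("delete", "TE", ""), 110)]
    print(evaluate(dangling, req), evaluate(dangling, req, "RESET"))
```

Because apply() looks up replace and delete targets in the original request, an action that tries to modify a header inserted by an earlier action has no effect, which is the Cache-Control case described above.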

Bind Points

Bind points are a very powerful aspect of the rewrite policies. A bind point is a collection of active policies and can be invoked by other policies. When a bind point is invoked, the policies that comprise the bind point are evaluated in the order of the priorities that are assigned to them by the user. The scope of the priority assigned to a policy is limited to the bind point that the policy is bound to. This implies that the priority of a policy is only relative to the priorities of the other policies bound to the bind point.

The following bind points are created implicitly by the rewrite feature:

Request Override: Policies bound to this bind point are only evaluated for requests. These policies are the first to be evaluated by the rewrite feature. This implies that these policies override the policies bound to the other bind points.

Request Default: Policies bound to this bind point constitute the default request processing behavior.

Response Override: Policies bound to this bind point are only evaluated for responses. These policies are the first to be evaluated by the rewrite feature. This implies that these policies override the policies bound to the other bind points.

Response Default: Policies bound to this bind point constitute the default response processing behavior.

Load Balancing or Content Switching Virtual Servers: Both request and response rewrite policies can be bound to load balancing or content switching virtual servers using the system’s policy infrastructure.

TIP: If you only want to rewrite requests and responses for one application, bind those policies to the Load Balancing VIP or Content Switching VIP. If you bind them to the Defaults or Overrides, all traffic will be rewritten.

Application Profiling

Taking a trace

Running a trace will help you ‘profile’ the application. It is recommended that you do this before placing the Citrix Application Switch in line with the application traffic. This will gather important information about the application that will help you understand its basic operation at Layer 7, and help you begin to understand what it is that needs to be cached.

Running a trace exposes the flow of transactions between all points of interest. Traces are especially helpful when digging in to find what is contained within the headers being exchanged between the client and the application.

For Requests from the client, look at the GET Header for cache-able objects, or objects that will likely be cache ‘hits’. In other words, objects that might be well served from cache.

For Responses from the server, look at the Content-Type: Header for cache-able objects.

Taking a trace with wireshark

The free network protocol analyzer Wireshark, http://www.wireshark.org, will capture packets for you on the local host, whether it’s Windows or Linux. By filtering the stream of packets by IP address, then right-clicking and selecting ‘Follow TCP Stream’ inside Wireshark, you can see the headers for both requests and responses.


Taking a trace with the Citrix Application Switch

Running a trace will expose the flow of transactions between all points of interest, especially the client, load balancing VIPs and backend servers. Traces are especially helpful when digging in to find out if the proper headers are being exchanged between client <--> VIP and VIP <--> backend servers. A trace can be run directly on the Citrix Application Switch. Once downloaded this file can be opened and request and response headers read with Wireshark, a free network trace utility, http://www.wireshark.org.

From the GUI, navigate to NetScaler > System > Diagnostics > New Trace > Run.

Viewing headers with Paros

Paros was originally written for web security, but has value when viewing request and response headers, cookies and the like. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted. There is an additional option of trapping and modifying data before sending it on to the server, or client. Paros can be found at http://parosproxy.org.

Viewing headers with Live HTTP Headers

Live HTTP Headers, http://livehttpheaders.mozdev.org/, was developed for use with the Firefox web browser. It is a free add-on and allows you to view HTTP header information in real time.

Viewing headers with IE Analyzer

IEInspector HTTP Analyzer, http://www.ieinspector.com, is a tool that allows you to monitor, trace, debug and analyze HTTP/HTTPS traffic in real-time. It works with Microsoft Internet Explorer.

Viewing headers with IE Watch

IEWatch, http://www.iewatch.com, is another plug-in for Microsoft Internet Explorer that helps you profile your web applications. You can use this tool to dig deep into the inner workings of web applications to find hidden issues.

Configuring Rewrite

Create Rewrite Action

Configuring Rewrite in the Application Switch is a simple three-step process: define an ‘Action’ to perform on the Request or Response, define a ‘Policy’ that invokes the action, and ‘Bind’ it to a Load Balancing VIP. If you follow the guidelines in the ‘Taking a trace’ section of Application Profiling, you should be able to quickly assess which headers you need to use in building the policies.

For the example in this deployment guide, we have a Load Balancing VIP that is front-ending an Oracle Enterprise Business Suite 12 application. After running a trace we find that just setting up a Load Balancing VIP to handle the traffic doesn’t suffice. In addition to TCP port 8000 and a different hostname, we find there are some redirects upon login and some chunked-encoding transfers.

Below are the actions we need to perform on Requests and Responses.

Request Rewrite Actions

| Name | Action | Expression for Target | Expression Replacement Text | Pattern |
|---|---|---|---|---|
| req_act_repHost | Replace | HTTP.REQ.HEADER("Host") | "accel82.citrix.com" | |
| req_act_repHttpver | Replace | HTTP.REQ.VERSION.MINOR | "0" | |
| req_act_remTE | Remove | TE | | |
| req_act_insConn | Insert | Connection | "Keep-Alive" | |

Response Rewrite Actions

| Name | Action | Expression for Target | Replacement Text | Pattern |
|---|---|---|---|---|
| res_act_repHost | Replace | HTTP.RES.HEADER("Host") | "http://accel91.citrix.com" | |
| res_act_repCont | Replace All | HTTP.RES.BODY(10000000) | "http://accel91.citrix.com" | http://accel82.citrix.com |
| res_act_repRed | Replace All | HTTP.RES.HEADER("Location") | "http://accel91.citrix.com" | http://accel82.citrix.com |

The first request rewrite replaces the Host header field so that the backend server will recognize that the request is destined for it, http://accel82.citrix.com, even though our client accessed it as http://accel91.citrix.com through the load balancing VIP. The other three request rewrite actions are required to prevent the Oracle server from sending chunked-encoding responses back to the client.

The first response rewrite is the inverse of the first request rewrite, in that it replaces the outgoing host header with http://accel91.citrix.com. Oracle sends entire pages with URLs contained within them, so we then do a complete response body rewrite and replace all URLs with http://accel91.citrix.com, so they are accessible from the load balancing VIP. Replacing the Location header handles any redirects the Oracle server sends to the client.
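One way to check a trace after these response rewrites are in place is to scan each response for any remaining reference to the backend host name. The following is an added example, not part of the original guide and not NetScaler code: it models the Location and body replace_all actions on a constructed 302 response and then lists what still points at accel82.citrix.com. The function names, the sample response and its paths are assumptions.

```python
import re
from typing import List, Tuple

BACKEND = "http://accel82.citrix.com"   # -pattern used by the guide's actions
VIP = "http://accel91.citrix.com"       # replacement text used by the guide
BODY_LIMIT = 10000000                   # from HTTP.RES.BODY(10000000)

# Any reference to the backend host, whatever the scheme or port.
HOST_RE = re.compile(
    r"(?:https?:)?(?://)?" + re.escape(BACKEND.split("//")[1]) + r"(?::\d+)?",
    re.IGNORECASE)

Header = Tuple[str, str]


def parse_response(raw: bytes) -> Tuple[str, List[Header], bytes]:
    """Split a raw HTTP/1.x response into status line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def rewrite_response(raw: bytes) -> bytes:
    """Model of res_act_repRed (Location) and res_act_repCont (body)."""
    status, headers, body = parse_response(raw)
    new_headers = [
        (n, v.replace(BACKEND, VIP) if n.lower() == "location" else v)
        for n, v in headers]
    # Only the first BODY_LIMIT bytes of the body are in scope.
    window = body[:BODY_LIMIT].replace(BACKEND.encode(), VIP.encode())
    head = "\r\n".join([status] + [f"{n}: {v}" for n, v in new_headers])
    # Pattern and replacement have the same length, so Content-Length holds.
    return head.encode("iso-8859-1") + b"\r\n\r\n" + window + body[BODY_LIMIT:]


def find_backend_refs(raw: bytes) -> List[Tuple[str, str]]:
    """Return (where, matched text) for every backend host reference."""
    _, headers, body = parse_response(raw)
    hits = [(name, m.group(0))
            for name, value in headers for m in HOST_RE.finditer(value)]
    hits += [("body", m.group(0))
             for m in HOST_RE.finditer(body.decode("iso-8859-1"))]
    return hits


# Constructed sample response; the paths are placeholders.
BODY = (b'<a href="http://accel82.citrix.com:8000/app/login">Login</a>\n'
        b'<img src="//accel82.citrix.com:8000/media/logo.gif">\n')
SAMPLE = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://accel82.citrix.com:8000/app/login\r\n"
          b"Content-Type: text/html\r\n"
          b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)

if __name__ == "__main__":
    for where, ref in find_backend_refs(rewrite_response(SAMPLE)):
        print(f"backend host still visible in {where}: {ref}")
```

In the sample, the scheme-relative image URL does not match the http://accel82.citrix.com pattern and is reported; a reference like that needs its own action or pattern.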

To add rewrite actions, from the GUI, navigate to NetScaler > Rewrite > Actions > Add.

[Figure: Request Rewrite Actions]

[Figure: Response Rewrite Actions]

Rewrite Actions: types, targets, text and patterns

| Type | Expression target text | Expression value text | Pattern |
|---|---|---|---|
| INSERT_HTTP_HEADER | Header name that you want to insert. ex: Client-IP | Expression that provides the contents of what you want to insert. ex: CLIENT.IP.SRC | n/a |
| INSERT_BEFORE | Inserts a new string before the target location in the HTTP headers. ex: HTTP.REQ.HOSTNAME.BEFORE_STR("example.com") | Insertion text. ex: "en." in the text area results in a Host header of en.example.com. | n/a |
| INSERT_AFTER | Inserts a new string after the target location in the HTTP headers. ex: HTTP.REQ.HOSTNAME.AFTER_STR("WWW.") | Insertion text. ex: "en." in the text area results in a Host header of www.en.example.com | n/a |
| REPLACE | Replace the target header. ex: HTTP.REQ.HOSTNAME.SERVER | Replacement text. ex: "web.example.net" | n/a |
| DELETE | Delete the target text expression. ex: HTTP.RES.HEADER("Host").SUBSTR("en.") | n/a | n/a |
| DELETE_HTTP_HEADER | Delete the target header. ex: HTTP.RES.HEADER("Cache-Control") | n/a | n/a |
| REPLACE_HTTP_RES | The string expression that describes the string you want to replace the HTTP response with. ex: "HTTP 200 OK You are not authorized to view this page" | n/a | n/a |
| REPLACE_ALL | The part of the HTTP request or response to perform the replacement. ex: HTTP.RES.BODY(10000000) | Replacement text. ex: replace with "example.com" | The pattern to replace. ex: replace all occurrences of "web1.example.net" with example.com in the response. |
| DELETE_ALL | The part of the HTTP request or response to perform the delete. ex: HTTP.RES.BODY(10000000) | n/a | The pattern to delete. ex: delete all occurrences of "web1.example.com" in the response. |
| INSERT_BEFORE_ALL | The part of the HTTP request or response to perform the insert. ex: HTTP.RES.BODY(10000000) | Replacement text. ex: "www." | The pattern before which you want the insertion to occur. ex: "example.com". |
| INSERT_AFTER_ALL | The part of the HTTP request or response to perform the insert. ex: HTTP.RES.BODY(10000000) | Replacement text. ex: "example.com" | The pattern after which you want the insertion to occur. ex: "www.". |


Create Rewrite Policy

Once the Actions are defined, you need to define the Policies to invoke the actions.

Below are the policies we need to perform on Requests and Responses.

Request Rewrite Policies

| Name | Action | Expression for matching | Undefined Action | Priority |
|---|---|---|---|---|
| req_pol_repHost | req_act_repHost | HTTP.REQ.HEADER("Host").EQ("accel91.citrix.com") | NOREWRITE | 10 |
| req_pol_repHttpVer | req_act_repHttpver | HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com") | NOREWRITE | 20 |
| req_pol_remTE | req_act_remTE | HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com") | NOREWRITE | 30 |
| req_pol_insConn | req_act_insConn | HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com") | NOREWRITE | 40 |

Response Rewrite Policies

| Name | Action | Expression for matching | Undefined Action | Priority |
|---|---|---|---|---|
| res_pol_repHost | res_act_repHost | TRUE | NOREWRITE | 110 |
| res_pol_repCont | res_act_repCont | TRUE | NOREWRITE | 120 |
| res_pol_repRed | res_act_repRed | TRUE | NOREWRITE | 130 |

To add rewrite policies, from the GUI, navigate to NetScaler > Rewrite > Policies > Add.

[Figure: Request Rewrite Policies]

[Figure: Response Rewrite Policies]

Create Rewrite Bind Point

Once the Policies and Actions are defined, you need to bind them to make them active on request and response headers.

To bind rewrite policies to Request Override, Request Default, Response Override or Response Default, you will need to do this through the Rewrite Policy Manager. Once inside the Rewrite Policy Manager, click-and-drag the policy from the center ‘available-policies’ over to the left side ‘configured-policies’. Here is where you also set the priority of the policy. A lower priority number indicates a higher priority.

NOTE: In the example used in this deployment guide we chose to bind the Request Rewrite policies to the Request Override, which has the effect of applying these policies to all traffic that flows through the Application Switch. The Response Rewrite policies were bound to the Load Balancing VIP only, which means that they were applied only to the traffic that flowed through that Load Balancing VIP. This was done to demonstrate that policies can be bound to traffic either way.

To bind the policies using the Rewrite Policy Manager, from the GUI, navigate to NetScaler > Rewrite. Select <Rewrite Policy Manager> from the main window.

To bind rewrite policies to a Load Balancing or Content Switching VIP, you need to apply these policies directly to the VIP within the Load Balancing or Content Switching module. To bind the policy, check mark the policy, and set a priority. Lower priority numbers indicate a higher priority. Be sure to set the Goto Expression to go to the next Priority.

To bind the response rewrite policies to the Load Balancing VIP, from the GUI, navigate to NetScaler > Load Balancing > Policies tab.

26

Appendix A - NetScaler Application Switch ConfigurationPrimary NetScaler> #NS8.0 Build 53.2

set ns config -IPAddress 10.217.104.51 -netmask 255.255.255.0

enable ns feature REWRITE

set interface 0/1 -speed AUTO -duplex AUTO -autoneg ENABLED -haMonitor ON -trunk OFF -lacpMode DISABLED -throughput 0

set interface 1/2 -speed AUTO -duplex AUTO -flowControl RX -autoneg ENABLED -haMonitor OFF -trunk OFF -lacpMode DISABLED -throughput 0

set interface 1/5 -speed AUTO -duplex AUTO -flowControl RX -autoneg ENABLED -haMonitor OFF -trunk OFF -lacpMode DISABLED -throughput 0

add HA node 2 10.217.104.52

add ns ip 10.217.104.54 255.255.255.0 -vServer DISABLED -gui SECUREONLY -mgmtAccess ENABLED

add ns ip 67.97.253.83 255.255.255.248 -vServer DISABLED -mgmtAccess ENABLED

add ns ip 10.217.104.53 255.255.255.0 -type MIP -vServer DISABLED -mgmtAccess ENABLED

add vlan 10

add vlan 11

bind vlan 10 -ifnum 1/2

bind vlan 11 -ifnum 1/5

bind vlan 11 -IPAddress 67.97.253.83 255.255.255.248

add vrID 60

bind vrID 60 -ifnum 0/1

add lb vserver LBVS89 HTTP 67.97.253.91 8000 -persistenceType NONE -lbMethod ROUNDROBIN -cltTimeout 180

add rewrite action req_act_replaceHostname replace "HTTP.REQ.HEADER(\"Host\")" "\"accel82.citrix.com\""

add rewrite action req_act_replaceHttpVer replace HTTP.REQ.VERSION.MINOR "\"0\""

add rewrite action req_act_removeTEHeader delete_http_header TE

add rewrite action req_act_insertConnKalive insert_http_header Connection "\"Keep-Alive\""

add rewrite policy req_pol_replaceHostpol "HTTP.REQ.HEADER(\"Host\").EQ(\"accel91.citrix.com\")" req_act_replaceHostname NOREWRITE

add rewrite policy req_pol_replaceHttpVer "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_replaceHttpVer NOREWRITE

add rewrite policy req_pol_removeTEHeader "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_removeTEHeader NOREWRITE

add rewrite policy req_pol_insertConnHeader "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_insertConnKalive NOREWRITE


add rewrite action res_act_replaceHostInContent89 replace_all HTTP.RES.BODY(10000000) "\"http://accel91.citrix.com\"" -pattern http://accel82.citrix.com

add rewrite action res_act_replaceHostnameResp89 replace "HTTP.RES.HEADER(\"Host\")" "\"http://accel91.citrix.com\""

add rewrite action res_act_replaceHeaderRedirect89 replace_all "HTTP.RES.HEADER(\"Location\")" "\"http://accel91.citrix.com\"" -pattern http://accel82.citrix.com

add rewrite policy res_pol_replaceHostpolResp89 TRUE res_act_replaceHostnameResp89 NOREWRITE

add rewrite policy res_pol_replaceContent89 TRUE res_act_replaceHostInContent89 NOREWRITE

add rewrite policy res_pol_replaceRedirect89 TRUE res_act_replaceHeaderRedirect89 NOREWRITE

bind rewrite global req_pol_replaceHostpol 10 20 -type REQ_OVERRIDE

bind rewrite global req_pol_replaceHttpVer 20 30 -type REQ_OVERRIDE

bind rewrite global req_pol_removeTEHeader 30 40 -type REQ_OVERRIDE

bind rewrite global req_pol_insertConnHeader 40 END -type REQ_OVERRIDE

set rewrite param -undefAction NOREWRITE

bind lb vserver LBVS89 OracleApplication

bind lb vserver LBVS89 -policyName res_pol_replaceRedirect89 -priority 100 -gotoPriorityExpression 110 -type RESPONSE

bind lb vserver LBVS89 -policyName res_pol_replaceHostpolResp89 -priority 110 -gotoPriorityExpression 120 -type RESPONSE

bind lb vserver LBVS89 -policyName res_pol_replaceContent89 -priority 120 -gotoPriorityExpression END -type RESPONSE
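
The guide asks that each Goto Expression point to the next priority. If one link is wrong, the later policies at that bind point (for example the TE header removal) are silently skipped. The following checker is an added example, not part of the Citrix guide or product: it walks the bind commands from this appendix and reports broken links. The function names and the rule that a numeric goto must name a higher, bound priority are assumptions of this example.

```python
# Added example: lint the goto chain of NetScaler rewrite policy bindings.
# Bind lines copied from Appendix A of this guide.
APPENDIX_BINDS = """\
bind rewrite global req_pol_replaceHostpol 10 20 -type REQ_OVERRIDE
bind rewrite global req_pol_replaceHttpVer 20 30 -type REQ_OVERRIDE
bind rewrite global req_pol_removeTEHeader 30 40 -type REQ_OVERRIDE
bind rewrite global req_pol_insertConnHeader 40 END -type REQ_OVERRIDE
bind lb vserver LBVS89 OracleApplication
bind lb vserver LBVS89 -policyName res_pol_replaceRedirect89 -priority 100 -gotoPriorityExpression 110 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceHostpolResp89 -priority 110 -gotoPriorityExpression 120 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceContent89 -priority 120 -gotoPriorityExpression END -type RESPONSE
"""

def parse_binds(text):
    """Return {bind_point: {priority: (policy, goto)}} for rewrite policy binds."""
    points = {}
    for tok in (line.split() for line in text.splitlines()):
        if tok[:3] == ["bind", "rewrite", "global"] and len(tok) == 8:
            policy, prio, goto, point = tok[3], tok[4], tok[5], "global " + tok[7]
        elif tok[:3] == ["bind", "lb", "vserver"] and "-policyName" in tok:
            opt = dict(zip(tok[4::2], tok[5::2]))
            policy, prio, goto = opt["-policyName"], opt["-priority"], opt["-gotoPriorityExpression"]
            point = f"lb vserver {tok[3]} {opt['-type']}"
        else:
            continue  # service binds and unrelated commands
        points.setdefault(point, {})[int(prio)] = (policy, goto)
    return points

def check_chain(chain):
    """Walk one bind point from its lowest priority and list broken links."""
    findings, seen, prio = [], set(), min(chain)
    while True:
        seen.add(prio)
        policy, goto = chain[prio]
        if goto == "END":
            break
        # Assumption of this checker: a numeric goto must name a higher, bound priority.
        if not goto.isdigit() or int(goto) <= prio or int(goto) not in chain:
            findings.append(f"{policy}: goto {goto} is not a later bound priority")
            break
        prio = int(goto)
    findings += [f"{chain[p][0]}: priority {p} is never reached" for p in sorted(set(chain) - seen)]
    return findings

def lint(text):
    return {point: check_chain(chain) for point, chain in parse_binds(text).items()}

if __name__ == "__main__":
    for point, findings in lint(APPENDIX_BINDS).items():
        print(point, "->", findings or "chain ends cleanly at END")
```

Run it against the output of a saved configuration before and after changing priorities; an empty findings list for every bind point means each chain reaches END through every bound policy.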


Citrix®, NetScaler®, GoToMyPC®, GoToMeeting®, GoToAssist®, Citrix Presentation Server™, Citrix Password Manager™, Citrix Access Gateway™, Citrix Access Essentials™, Citrix Access Suite™, Citrix SmoothRoaming™ and Citrix Subscription Advantage™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. UNIX® is a registered trademark of The Open Group in the U.S. and other countries. Microsoft®, Windows® and Windows Server® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.