Jump to content


Photo

URL transformation policies

Started by Phil Taylor , 21 April 2017 - 11:54 AM
5 replies to this topic

Phil Taylor Members

Phil Taylor
  • 5 posts

Posted 21 April 2017 - 11:54 AM

Hi folks
 
I have a task to create a load balanced service using content switching and URL transformation. The aim is for the user to access the service with a URL such as http://FQDN/folder1 and for the Netscaler to strip out the /folder1 before sending it to the backend servers on one of two ports.
 
The following is the procedure I followed:
 
 
add serviceGroup svcgrp-service1 HTTP -comment "Service1 service group"
 
add lb monitor mon-service1 HTTP -respCode 200 -httpRequest "GET /MonitoredURL" 
bind lb monitor mon-service1 svcgrp-service1
 
 
add server svr-server1 server1.domain.com -comment "backend server1"
add server svr-server2 server2.domain.com -comment "backend server2"
 
bind serviceGroup svcgrp-service1 svr-server1 8080
bind serviceGroup svcgrp-service1 svr-server1 8180
bind serviceGroup svcgrp-service1 svr-server2 8080
bind serviceGroup svcgrp-service1 svr-server2 8180
 
add ns ip 10.1.1.1 255.255.255.0 -type VIP
 
 
        
add lb vserver vs-service1 HTTP 0.0.0.0 0 -comment "Service1 local load balancer"
bind lb vserver vs-service1 svcgrp-service1
 
add transform profile tfprof-service1
 
add transform action tfact-service1 tfprof-service1 10
set transform action tfact-service1 -priority 10 -reqUrlFrom "http://(.*)/folder1/(.*)" -reqUrlInto "http://$1/$2" -resUrlFrom "http://(.*)/(.*)" -resUrlInto "http://$1/folder1/$2"
 
add transform policy tfpol-service1 "HTTP.REQ.URL.PATH.GET(1).SET_TEXT_MODE(Ignorecase).EQ(\"folder1\")" tfprof-service1
 
 
 
All the above commands were accepted but then when I came to do the following command: 
 
bind lb vserver vs-service1 -policyName tfpol-service1 -priority 10 -gotoPriorityExpression END -type REQUEST
 
to bind the URL transformation policy to the lb vserver I got the error "ERROR: Binding invalid policy"
 
 
I was supposed to go on then to deploy the content switching part but didn't go any further due to this problem.
 
This was done on Netscalers running version 9.3 of the software. The same commands were implemented successfully a few days earlier, for another service, on Netscalers running version 10.5. Evidently there has been some change between these versions relating to the definition or application of transform policies. 
 
Can anyone see what the problem is with this bind command, or the definition of the transform policy? 
 
Thanks in advance
Phil.
 
 
 

 



Joe Brozzetti Members

Joe Brozzetti
  • 165 posts

Posted 21 April 2017 - 07:27 PM

The syntax looks right for newer versions of NS.  Can you use the GUI to bind the policy? 



Rhonda Rowland Members

Rhonda Rowland
  • 79 posts

Posted 22 April 2017 - 12:06 AM

 
 
add transform policy tfpol-service1 "HTTP.REQ.URL.PATH.GET(1).SET_TEXT_MODE(Ignorecase).EQ(\"folder1\")" tfprof-service1
 
 
 
All the above commands were accepted but then when I came to do the following command: 
 
bind lb vserver vs-service1 -policyName tfpol-service1 -priority 10 -gotoPriorityExpression END -type REQUEST
 
to bind the URL transformation policy to the lb vserver I got the error "ERROR: Binding invalid policy"
 

 

Well, you do have some deprecated syntax earlier; it still works just doesn't like it:

instead of the bind lb monitor command (binding a monitor to a service via the monitor object)

add lb monitor mon-service1 HTTP -respCode 200 -httpRequest "GET /MonitoredURL" 
bind lb monitor mon-service1 svcgrp-service1

 

The preferred command would be:

add lb monitor mon-service1 HTTP -respCode 200 -httpRequest "GET /MonitoredURL" 
bind servicegroup svcgrp-service1 -monitorName mon-service1
 
However, when I ran your commands on a NS 11.1 system (11.1.52.13); I didn't get any policy bind command errors at all.
 
It's possible, that when you were entering the commands you missed an error earlier in the output.  Or you had mismatched quotes or maybe smart-quotes or em-dashes (--) converted and one of the commands choked, or a soft line wrap.   Try again via a text editor first and see if it doesn't work the second time.  
 
So, no obvious issues.  If its still an issue on 10.5, do what Joe B suggested.  Try the binding via the GUI and then see what the runningconfig result is and see if it is a version specific issue.  Also, try reviewing the show running config for the previous commands and make sure some other line edit isn't real culprit. But it should work.


Phil Taylor Members

Phil Taylor
  • 5 posts

Posted 24 April 2017 - 08:50 AM

All the other monitor to servicegroup bindings on this Netscaler are specified as "bind lb monitor monitorname servicegroup name. I know it's the other way round on version 10.5 as we have other Netscalers running 10.5 but on 9.3 I'm confident the monitor binding is correct. 

 

In terms of trying the bind vserver to policyname command via GUI I don't even know whether we have access to the GUI. We always do these changes via command line. In any case this is a live customer environment and, as such, isn't somewhere we can experiment. We have to specify in advance what we're going to do, with a large degree of confidence it will work, and stick with it.



Rhonda Rowland Members

Rhonda Rowland
  • 79 posts

Posted 24 April 2017 - 12:46 PM

I misunderstood your request, I though you were running the commands on 10.5 and later after an upgrade from 9.3, not trying to get it to run on 9.3.

 

I could be wrong about this, but at one point in time URL Transformation policies could only be bound globally and not to individual vservers.  (Just like AppFw policies for a time.)  URL Transforms were also considered bi-directional and originally, the cli did not use the -type request/response, flag as much as it does now.  I just can't remember if that changed between 9.0-9.2 or after 9.3. Your welcome to see if anyone else can confirm. 

 

If you want to try the bind command to the virtual server, try it without the "-type request" option.

If that doesn't work, you may have to bind globally and ensure your policy expression is narrow enough to limit the scope to your vserver only.

 

bind transform global <policy name> <priority>

 

Your welcome to wait to see if someone else weighs in on whether this was still a limitation in 9.3 or not.



Joe Brozzetti Members

Joe Brozzetti
  • 165 posts

Posted 24 April 2017 - 04:03 PM

I believe 9.3 is global only.  I misunderstood as well and thought this was a 10.5 config.

 

https://docs.citrix.com/content/dam/docs/en-us/netscaler/9-3/downloads/en.netscaler.ns-rewrite-wrapper-con-93.pdf

 

URL Transform is Page 54 and only option is global bind