Rewrite Deployment Guide - Citrix


Rewrite Deployment Guide A Step-by-Step Technical Guide


Notice: The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. CITRIX SYSTEMS, INC. (“CITRIX”), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. This publication contains information protected by copyright. Except for internal distribution, no part of this publication may be photocopied or reproduced in any form without prior written consent from Citrix. The exclusive warranty for Citrix products, if any, is stated in the product documentation accompanying such products. Citrix does not warrant products other than its own. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Copyright © 2008 Citrix Systems, Inc., 851 West Cypress Creek Road, Ft. Lauderdale, Florida 333092009 U.S.A. All rights reserved.

Table of Contents

Introduction
Solution Requirements
Prerequisites
Network Diagram
First time connectivity
    Serial Connection
    Ethernet Connection
NetScaler Configuration
    Deployment Model: Netscaler High Availability, Two-Arm Mode, Rewrite
About Rewrite
    Basic Information
    Enabling Rewrite
    The Rewrite Process
    Important Policy Behavior - Policy Engine (PE)
    Bind Points
Application Profiling
    Taking a trace
    Taking a trace with wireshark
    Taking a trace with the Citrix Application Switch
    Viewing headers with Paros
    Viewing headers with Live HTTP Headers
    Viewing headers with IE Analyzer
    Viewing headers with IE Watch
Configuring Rewrite
    Create Rewrite Action
    Create Rewrite Policy
    Create Rewrite Bind Point
Appendix A - NetScaler Application Switch Configuration

Introduction

Citrix® NetScaler® optimizes the delivery of web applications, increasing security and improving performance and Web server capacity. This approach ensures the best total cost of ownership (TCO), security, availability, and performance for Web applications. The Citrix NetScaler solution is a comprehensive network system that combines high-speed load balancing and content switching with state-of-the-art application acceleration, layer 4-7 traffic management, data compression, dynamic content caching, SSL acceleration, network optimization, and robust application security into a single, tightly integrated solution. Deployed in front of application servers, the system significantly reduces processing overhead on application and database servers, reducing hardware and bandwidth costs.

The Application Switch Rewrite feature is a general-purpose HTTP header and body modification utility. It allows you to add HTTP headers to an HTTP request or response, make modifications to individual HTTP headers, and delete HTTP headers. It also gives you control over modifying the HTTP body in requests and responses.

This deployment guide was created as the result of validation testing with the Oracle Enterprise Business Suite v12 application. This deployment guide walks through the step-by-step configuration details of how to configure the Citrix NetScaler application switch for Rewrite and some of the considerations necessary for integration with Oracle EBSv12.



Solution Requirements

• Application Delivery Front-End
• Request Rewrite
• Response Rewrite
• Oracle E-Business Suite v12

Prerequisites

• Citrix NetScaler L4/7 Application Switch, running version 8.0+ (Quantity x 1 for single deployment, Quantity x 2 for HA deployment)
• Layer 2/3 switch, w/support for 802.1q VLANs (Quantity x 1)
• Client laptop/workstation running Internet Explorer 6.0+, Ethernet port
• 9-pin serial cable -or- USB-to-serial cable

NOTE: The policies in this guide are based on the Policy Engine (PE) architecture in NetScaler version 8.0. The policies for NetScaler version 9.0+ use the Policy Infrastructure (PI) architecture, which differs in syntax and methodology. Policy Infrastructure is not discussed in this guide.



Network Diagram

The following is the Network that was used to develop this deployment guide, and is representative of a solution implemented at a customer site.

[Figure: network diagram. Labels recovered from the diagram:]

VLAN Legend
• VLAN 1: (Mgmt) Interface 0/1, Untagged. SNIP: 10.217.104.54 / 24
• VLAN 10: Interface 1/2, Untagged
• VLAN 11: Interface 1/5, Untagged. MIP: 67.97.253.84 / 29

Citrix NetScaler®
• Primary NetScaler. IP Addresses: NSIP: 10.217.104.51 / 24
• Secondary NetScaler. IP Addresses: NSIP: 10.217.104.52 / 24
• Primary/Secondary NetScaler. Shared IP Addresses: VIP: 67.97.253.91 / 29, VIP: 67.97.253.92 / 29

Other elements
• Global Internet: http://accel91.citrix.com, https://accel91.citrix.com
• VLAN 10, Int1/2: subnet 169.145.91.88/29
• VLAN 11, Int1/5
• VLAN 1, Int0/1: Admin
• subnet 169.145.91.80/29
• Oracle Database Server: 169.145.91.81
• Oracle Application Server: 169.145.91.82

[Figure callouts for first time connectivity: Serial: 9600, n, 8, 1. Default IP Address: 192.168.100.1]

First time connectivity

Serial Connection

The NetScaler can be accessed by the serial port through any terminal emulation program. Windows Hyperterm is commonly used on a laptop or workstation. Connect a 9-pin Null Modem cable (or USB-to-9-pin cable) from the computer to the NetScaler’s console port. In the terminal emulation program configure the settings for 9600 baud, No stop bits, 8 data bits, and 1 parity bit. The login prompt should appear. The default login is nsroot, nsroot. It is advisable to change the nsroot password once connected.

Once connected type in the CLI command ‘configns’ (‘nsconfig’ if at the shell prompt). Select option 1 to change the NetScaler IP Address and Network Mask. Exit, save and reboot.

Ethernet Connection

The NetScaler can also be accessed by the default IP Address of 192.168.100.1, either through an http, https, telnet or ssh connection. Once connected, the login prompt should appear. The default login is nsroot, nsroot. It is advisable to change the nsroot password once connected.

Type in the CLI command ‘configns’ (‘nsconfig’ if at the shell prompt). Select option 1 to change the NetScaler IP Address and Network Mask. Exit, save and reboot.

Note: Changing the NetScaler IP Address always requires a reboot.



NetScaler Configuration

Deployment Model: Netscaler High Availability, Two-Arm Mode, Rewrite

The NetScalers in this example assume a high availability pair configuration, in two-arm mode. All configuration changes will be made on the Primary NetScaler and will be propagated to the Secondary NetScaler. The NetScalers in Two-Arm mode provide the utmost in site performance, as the NetScaler evaluates rewrite policies for requests and responses.

Connect to the NetScaler via the NSIP using a web browser. In this example:
NS1: http://10.217.104.51
NS2: http://10.217.104.52
Note: Java will be installed. Default login is: nsroot, nsroot.

About Rewrite

Basic Information

The Application Switch Rewrite feature is a general-purpose HTTP header and body modification utility. It allows you to add HTTP headers to an HTTP request or response, make modifications to individual HTTP headers, and delete HTTP headers. It also gives you control over modifying the HTTP body in requests and responses.

HTTP headers control the behavior of the web server and browser. Headers tell the web server what type of browser the user is using, so that the server can send the appropriate type of content. Headers also control browser caching of server content. They allow tracking of user sessions and per-user customization of content. Headers can support language and character-set negotiations.

The data section of a request or response contains the information to be transmitted. Requests often do not contain a data section, but if there is a data section, it will contain information entered into a web form. In responses, the data section contains text and images that will appear in the browser.

When the Application Switch receives a request or sends a response, it checks for Rewrite rules, and if applicable rules exist, it applies them to the request or response before passing it on to the web server or client. A Rewrite command can be used to perform the following tasks:

• Modify the URL of a request. You can change the URL for requests.
• Insert or Delete an HTTP header. You can insert HTTP headers into both requests and responses, and delete HTTP headers from both requests and responses.
• Replace any string. You can replace any string with any other string.
• Insert a string before or after any other string. You can locate any HTML or text string, and insert any other string either before or after it. This allows you to add data to specific HTTP headers.
• Delete any string. You can delete any string within the HTTP headers.

The Installation and Configuration Guide, Volume 1 (NS_ICG_V1.pdf) provides more detail surrounding Rewrite configuration and should be used as another reference.



Enabling Rewrite

The NetScaler should have the appropriate license installed to enable Rewrite. Navigate to System > Settings > Basic Features. Select Rewrite and click OK.

The Rewrite Process

The Rewrite feature can modify Requests (the first example below, red in the original) before they reach the application servers and Responses (the second example below, blue in the original) before they reach the client.

Request:

    GET / HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Accept-Language: en-us
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    Host: accel82.citrix.com:8000
    Connection: Keep-Alive
    Cookie: oracle.uix=0^^GMT-7:00^p

Response:

    HTTP/1.1 200 OK
    Date: Fri, 18 Apr 2008 23:08:42 GMT
    Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
    Last-Modified: Sat, 05 Apr 2008 21:21:11 GMT
    ETag: "2c4644-516-47f7ed47"
    Accept-Ranges: bytes
    Content-Length: 1302
    Keep-Alive: timeout=15
    Connection: Keep-Alive
    Content-Type: text/html

[Figure: Rewrite Process Illustrated]

Requests

1) Browser Request. The client’s browser sends a request to the web server via the Application Switch.
2) Check for Policies. The Application Switch checks the request time policy bank for applicable policies.
3) Evaluation. The Application Switch builds a set of actions to apply to the request after evaluating the list of prioritized policies.
4) Request Rewrite. The Application Switch rewrites the request and forwards it to the web server.

Responses

5) Server Response. The Web Server receives the request, and sends a response.
6) Check for Policies. The Application Switch checks the response time policy bank for applicable policies.
7) Evaluation. The Application Switch builds a set of actions to apply to the response after evaluating the list of prioritized policies.
8) Response Rewrite. The Application Switch rewrites the response and forwards it to the client’s browser.

Important Policy Behavior - Policy Engine (PE)

Rewrite Policies are evaluated in order of their priority numbers. When a user’s browser sends a request to your web server, the Application Switch checks the request time policy bank. If it finds Rewrite policies, it evaluates each policy in order of priority, starting with the lowest number and proceeding to the highest number. The priority assigned to a policy is a positive integer. The policy with the lowest integer priority is evaluated first. The Application Switch then moves to the policy with the next-lowest integer priority and evaluates it. It repeats this process until it has evaluated all policies.

Note: The lower the priority number assigned to a policy, the higher the priority.

Each policy consists of an expression that should evaluate to True or False. When the Application Switch sees a True value, it extracts the action associated with the policy, and places it on the list of actions to perform on the current request or response. It then evaluates the gotoExpr, an expression that evaluates as any one of the following values:

• An integer equal to an existing policy priority. If the gotoExpr evaluates as an integer that equals the priority assigned to an existing bound policy, and that policy priority is higher than the priority of the current policy, the Application Switch goes directly to that policy, skipping over any policies with priorities between that of the current policy and the policy defined by gotoExpr.
• NEXT. If the gotoExpr evaluates as the string NEXT, the Application Switch proceeds to the next policy in the priority ranking.
• END. If the gotoExpr evaluates as the string END, the Application Switch terminates policy evaluation and proceeds directly to applying the existing list of actions to the request or response HTTP headers.
• Undefined. A gotoExpr evaluates as Undefined if there is an error in the expression used in the policy rule, or if it evaluates as an integer which does not match the priority of any bound policy, or if it evaluates as a number lower than the priority assigned to the current policy.

When a policy evaluates as Undefined, either the policy-specific or the global undefAction is triggered. The undefAction is the action performed when the Application Switch detects an error in the Rewrite process. It can be set to either of the following two values:

• NOREWRITE. If the undefAction is set to NOREWRITE, the Application Switch aborts the Rewrite process entirely and forwards the request or response without performing any actions it may have on its list.
• RESET. If the undefAction is set to RESET, the Application Switch resets the connection between the client and the web server.

When the web server sends a response, the Application Switch goes through the same process, with minor changes. It checks the response time policy bank rather than the request time policy bank for applicable policies.
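The evaluation order, gotoExpr and undefAction rules above, modelled in Python as an added example (not NetScaler code and not part of the original guide). BoundPolicy, evaluate and sample_bank are hypothetical names; the policy names, priorities and goto values follow this guide's request policies, and two points are assumptions: a rule that is False moves on to the next policy, and a goto equal to the current priority is treated as Undefined.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class BoundPolicy:
    priority: int                             # lowest number is evaluated first
    name: str
    rule: Callable[[dict], Optional[bool]]    # None models an error in the rule
    action: str
    goto: str = "NEXT"                        # "NEXT", "END" or a priority as text
    undef_action: Optional[str] = None        # policy-specific undefAction, if set


def evaluate(bank: List[BoundPolicy], headers: dict,
             global_undef: str = "NOREWRITE") -> Tuple[str, List[str]]:
    """Walk one policy bank and return (outcome, actions to perform).

    outcome is "APPLY", or the undefAction ("NOREWRITE" / "RESET") that fired.
    """
    ordered = sorted(bank, key=lambda p: p.priority)
    position = {p.priority: i for i, p in enumerate(ordered)}
    actions: List[str] = []
    i = 0
    while i < len(ordered):
        pol = ordered[i]
        undef = pol.undef_action or global_undef
        verdict = pol.rule(headers)
        if verdict is None:                   # rule error: Undefined
            return undef, []                  # the collected list is not performed
        if not verdict:                       # assumption: False moves to the next policy
            i += 1
            continue
        actions.append(pol.action)
        if pol.goto == "END":
            break
        if pol.goto == "NEXT":
            i += 1
            continue
        target = int(pol.goto) if pol.goto.isdigit() else None
        # Undefined: not a number, no bound policy at that priority, or not
        # higher than the current priority (equal is an assumption of this model).
        if target is None or target not in position or target <= pol.priority:
            return undef, []
        i = position[target]                  # skips every policy in between
    return "APPLY", actions


def is_vip_host(headers: dict) -> bool:
    # Simplification: all four rules are modelled as one Host comparison.
    return headers.get("Host") == "accel91.citrix.com"


def sample_bank() -> List[BoundPolicy]:
    # Priorities 10..40 with goto 20, 30, 40, END, as bound in this guide.
    return [
        BoundPolicy(10, "req_pol_repHost", is_vip_host, "req_act_repHost", "20"),
        BoundPolicy(20, "req_pol_repHttpVer", is_vip_host, "req_act_repHttpver", "30"),
        BoundPolicy(30, "req_pol_remTE", is_vip_host, "req_act_remTE", "40"),
        BoundPolicy(40, "req_pol_insConn", is_vip_host, "req_act_insConn", "END"),
    ]


VIP_REQUEST = {"Host": "accel91.citrix.com"}  # constructed sample request

if __name__ == "__main__":
    print(evaluate(sample_bank(), VIP_REQUEST))
    broken = sample_bank()
    broken[1].goto = "25"                     # no policy is bound at priority 25
    print(evaluate(broken, VIP_REQUEST))
```

A goto value that points at a priority nobody bound discards every action collected so far, which is why a typo in one binding can silently turn off all rewrites in that bank when undefAction is NOREWRITE.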

Bind Points

Bind points are a very powerful aspect of the rewrite policies. A bind point is a collection of active policies and can be invoked by other policies. When a bind point is invoked, the policies that comprise the bind point are evaluated in the order of the priorities that are assigned to them by the user. The scope of the priority assigned to a policy is limited to the bind point that the policy is bound to. This implies that the priority of a policy is only relative to the priorities of the other policies bound to the bind point. The following bind points are created implicitly by the rewrite feature:

• Request Override: Policies bound to this bind point are only evaluated for requests. These policies are the first to be evaluated by the rewrite feature. This implies that these policies override the policies bound to the other bind points.
• Request Default: Policies bound to this bind point constitute the default request processing behavior.
• Response Override: Policies bound to this bind point are only evaluated for responses. These policies are the first to be evaluated by the rewrite feature. This implies that these policies override the policies bound to the other bind points.
• Response Default: Policies bound to this bind point constitute the default response processing behavior.
• Load Balancing or Content Switching Virtual Servers: Both request and response rewrite policies can be bound to load balancing or content switching virtual servers using the system’s policy infrastructure.

TIP: If you only want to rewrite requests and responses for one application, bind those policies to the Load Balancing VIP or Content Switching VIP. If you bind them to the Defaults or Overrides, all traffic will be rewritten.

NOTE: Priorities are specific to the bind point they are assigned to. For example, a request rewrite policy can have a priority of 10 bound to a Load Balancing VIP, while a response rewrite policy can also have a priority of 10 if it is bound to a content switching VIP.

Actions cannot depend upon the results of other actions. For example, suppose you define one action to add a Cache-Control header to the request, and a second action that looks for that Cache-Control header to modify it. The second action will not be performed, because it will be unable to find the Cache-Control header in the original, unmodified request.

A single HTTP header should not be modified by multiple actions. While you can configure multiple actions to modify the same HTTP header, the Application Switch performs each action on the unmodified request headers. Therefore, the behavior of the Rewrite feature is undefined for multiple modifications to the same text, and the results will probably not be what you expected when you defined the actions.
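The NOTE above says every action is performed on the unmodified request headers. The following Python model of that behaviour is an added example, not part of the original guide and not NetScaler code; apply_actions and the act_insCC / act_modCC / act_repHostA / act_repHostB action names are hypothetical, header names are matched case-sensitively for brevity, and the sample requests are constructed.

```python
from typing import Dict, List, Optional, Tuple

Action = Tuple[str, str, str, Optional[str]]   # (name, type, header, value)


def apply_actions(original: Dict[str, str], actions: List[Action]) -> dict:
    """Resolve every action against the ORIGINAL headers, then build the result."""
    result = dict(original)
    skipped: List[str] = []
    owner: Dict[str, str] = {}                 # header -> first action that edits it
    conflicts: List[Tuple[str, str, str]] = []
    for name, kind, header, value in actions:
        # Targets are looked up in the unmodified message, so a header that an
        # earlier action inserts is invisible to a later replace or delete.
        if kind != "insert_http_header" and header not in original:
            skipped.append(name)
            continue
        if header in owner:                    # second edit of the same header
            conflicts.append((owner[header], name, header))
            continue
        owner[header] = name
        if kind == "delete_http_header":
            del result[header]
        else:                                  # insert_http_header or replace
            result[header] = value
    return {
        # The guide calls multiple edits of one header undefined, so this model
        # claims no resulting headers when a conflict exists.
        "headers": None if conflicts else result,
        "skipped": skipped,
        "conflicts": conflicts,
    }


# Constructed sample: the three header actions of this guide's request rewrite.
GUIDE_ACTIONS: List[Action] = [
    ("req_act_repHost", "replace", "Host", "accel82.citrix.com"),
    ("req_act_remTE", "delete_http_header", "TE", None),
    ("req_act_insConn", "insert_http_header", "Connection", "Keep-Alive"),
]

# Constructed sample: the dependent pair described in the NOTE.
DEPENDENT_ACTIONS: List[Action] = [
    ("act_insCC", "insert_http_header", "Cache-Control", "no-cache"),
    ("act_modCC", "replace", "Cache-Control", "no-store"),
]

# Constructed sample: two actions that both rewrite the Host header.
CONFLICTING_ACTIONS: List[Action] = [
    ("act_repHostA", "replace", "Host", "a.example"),
    ("act_repHostB", "replace", "Host", "b.example"),
]

if __name__ == "__main__":
    request = {"Host": "accel91.citrix.com", "TE": "chunked"}
    for label, acts in (("guide", GUIDE_ACTIONS),
                        ("dependent", DEPENDENT_ACTIONS),
                        ("conflicting", CONFLICTING_ACTIONS)):
        print(label, apply_actions(request, acts))
```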

Application Profiling

Taking a trace

Running a trace will help you ‘profile’ the application. It is recommended that you do this before placing the Citrix Application Switch in-line of the Application traffic. This will gather important information about the Application that will help you understand its basic operation at Layer 7, and help you begin to understand what it is that needs to be cached. Running a trace exposes the flow of transactions between all points of interest. Traces are especially helpful when digging in to find what is contained within the headers being exchanged between the client and the application.

For Requests from the client, look at the GET Header for cache-able objects, or objects that will likely be cache ‘hits’. In other words, objects that might be well served from cache. For Responses from the server, look at the Content-Type: Header for cache-able objects.

Taking a trace with wireshark

The free network protocol analyzer called Wireshark, http://www.wireshark.org, will capture packets for you on the localhost, whether it’s Windows or Linux. By filtering the stream of packets by IP Address, right clicking and selecting ‘Follow TCP Stream’ inside of Wireshark, you can see the headers for both requests and responses.

Taking a trace with the Citrix Application Switch

Running a trace will expose the flow of transactions between all points of interest, especially the client, load balancing VIPs and backend servers. Traces are especially helpful when digging in to find out if the proper headers are being exchanged between client VIP and VIP backend servers. A trace can be run directly on the Citrix Application Switch. Once downloaded this file can be opened and request and response headers read with Wireshark, a free network trace utility, http://www.wireshark.org.

From the GUI, navigate to NetScaler > System > Diagnostics > New Trace > Run.

Viewing headers with Paros

Paros was originally written for web security, but has value when viewing request and response headers, cookies and the like. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted. There is an additional option of trapping and modifying data before sending it on to the server, or client. Paros can be found at http://parosproxy.org.

Viewing headers with Live HTTP Headers

Live HTTP Headers, http://livehttpheaders.mozdev.org/, was developed for use with the Firefox web browser. It is a free add-on and allows you to view HTTP header information in real time.

Viewing headers with IE Analyzer

IEInspector HTTP Analyzer, http://www.ieinspector.com, is a tool that allows you to monitor, trace, debug and analyze HTTP/HTTPS traffic in real-time. It works with Microsoft Internet Explorer.

Viewing headers with IE Watch

IEWatch, http://www.iewatch.com, is another plug-in for Microsoft Internet Explorer that helps you profile your web applications. You can use this tool to dig deep into the inner workings of web applications to find hidden issues.

Configuring Rewrite

Create Rewrite Action

Configuring Rewrite in the Application Switch is a simple 3 step process. First you need to define an ‘Action’ to perform on the Request or Response, define a ‘Policy’ that invokes the action, and ‘Bind’ it to a Load Balancing VIP. If you follow the guidelines in the Application Profiling, taking a trace section, you should be able to quickly assess which headers you need to use in building the policies.

For the example in this deployment guide, we have a Load Balancing VIP that is front-ending an Oracle Enterprise Business Suite 12 application. After running a trace we find that just setting up a Load Balancing VIP to handle the traffic doesn’t suffice. In addition to TCP port 8000, and a different Hostname, we find there are some redirects upon login and some chunked-encoding transfers.

The first request rewrite replaces the host header field so that the backend server will recognize that the request is destined for it, http://accel82.citrix.com; however, our client accessed it from http://accel91.citrix.com through the load balancing VIP. The other three request rewrite actions are required to prevent the Oracle server from sending chunked-encoding responses back to the client.

The first response rewrite is the inverse of the first request rewrite in that it replaces the outgoing host header with http://accel91.citrix.com. Oracle sends entire pages with URLs contained within them, so we then do a complete response body rewrite and replace all URLs with http://accel91.citrix.com, so they are accessible from the load balancing VIP. Replacing the Location header is for any redirects the Oracle server sends to the client.

Below are the actions we need to perform on Requests and Responses.

Request Rewrite Actions

Name                Action   Expression for Target     Expression Replacement Text   Pattern
req_act_repHost     Replace  HTTP.REQ.HEADER("Host")   "accel82.citrix.com"
req_act_repHttpver  Replace  HTTP.REQ.VERSION.MINOR    "0"
req_act_remTE       Remove   TE
req_pol_insConn     Insert   Connection                "Keep-Alive"

Response Rewrite Actions

Name             Action       Expression for Target        Replacement Text              Pattern
res_act_repHost  Replace      HTTP.RES.HEADER("Host")      "http://accel91.citrix.com"
res_act_repCont  Replace All  HTTP.RES.BODY(10000000)      "http://accel91.citrix.com"   http://accel82.citrix.com
res_act_repRed   Replace All  HTTP.RES.HEADER("Location")  "http://accel91.citrix.com"   http://accel82.citrix.com

To add rewrite actions, from the GUI, navigate to NetScaler > Rewrite > Actions > Add.

[Screenshot: Request Rewrite Actions]

[Screenshot: Response Rewrite Actions]

Rewrite Actions: types, targets, text and patterns

INSERT_HTTP_HEADER
• Expression target text: Header name that you want to insert. ex: Client-IP
• Expression value text: Expression that provides the contents of what you want to insert. ex: CLIENT.IP.SRC
• Pattern: n/a

INSERT_BEFORE
• Expression target text: Inserts a new string before the target location in the HTTP headers. ex: HTTP.REQ.HOSTNAME.BEFORE_STR("example.com")
• Expression value text: Insertion text. ex: “en.” in the text area results in a Host header of en.example.com.
• Pattern: n/a

INSERT_AFTER
• Expression target text: Inserts a new string after the target location in the HTTP headers. ex: HTTP.REQ.HOSTNAME.AFTER_STR("WWW.")
• Expression value text: Insertion text. ex: “en.” in the text area results in a Host header of www.en.example.com
• Pattern: n/a

REPLACE
• Expression target text: Replace the target header. ex: HTTP.REQ.HOSTNAME.SERVER
• Expression value text: Replacement text. ex: “web.example.net”
• Pattern: n/a

DELETE
• Expression target text: Delete the target text expression. ex: HTTP.RES.HEADER("Host").SUBSTR("en.")
• Expression value text: n/a
• Pattern: n/a

DELETE_HTTP_HEADER
• Expression target text: Delete the target header. ex: HTTP.RES.HEADER("Cache-Control")
• Expression value text: n/a
• Pattern: n/a

REPLACE_HTTP_RES
• Expression target text: The string expression that describes the string you want to replace the HTTP response with. ex: “HTTP 200 OK You are not authorized to view this page”
• Expression value text: n/a
• Pattern: n/a

REPLACE_ALL
• Expression target text: The part of the HTTP request or response to perform the replacement. ex: HTTP.RES.BODY(10000000)
• Expression value text: Replacement text. ex: replace with “example.com”
• Pattern: The pattern to replace. ex: replace all occurrences of “web1.example.net” with example.com in the response.

DELETE_ALL
• Expression target text: The part of the HTTP request or response to perform the delete. ex: HTTP.RES.BODY(10000000)
• Expression value text: n/a
• Pattern: The pattern to delete. ex: delete all occurrences of “web1.example.com” in the response.

INSERT_BEFORE_ALL
• Expression target text: The part of the HTTP request or response to perform the insert. ex: HTTP.RES.BODY(10000000)
• Expression value text: Replacement text. ex: “www.”
• Pattern: The pattern indicating where before you want the insertion to occur. ex: “example.com”.

INSERT_AFTER_ALL
• Expression target text: The part of the HTTP request or response to perform the insert. ex: HTTP.RES.BODY(10000000)
• Expression value text: Replacement text. ex: “example.com”
• Pattern: The pattern indicating where before you want the insertion to occur. ex: “www.”.

Create Rewrite Policy

Once the Actions are defined, you need to define the Policies to invoke the actions. Below are the policies we need to perform on Requests and Responses.

Request Rewrite Policies

Name                Action              Expression for matching                              Undefined Action  Priority
req_pol_repHost     req_act_repHost     HTTP.REQ.HEADER("Host").EQ("accel91.citrix.com")     NOREWRITE         10
req_pol_repHttpVer  req_act_repHttpver  HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com")    NOREWRITE         20
req_pol_remTE       req_act_remTE       HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com")    NOREWRITE         30
req_pol_insConn     req_act_insConn     HTTP.REQ.HOSTNAME.SERVER.EQ("accel91.citrix.com")    NOREWRITE         40

Response Rewrite Policies

Name             Action           Expression for matching  Undefined Action  Priority
res_pol_repHost  res_act_repHost  TRUE                     NOREWRITE         110
res_pol_repCont  res_act_repCont  TRUE                     NOREWRITE         120
res_pol_repRed   res_act_repRed   TRUE                     NOREWRITE         130

To add rewrite policies, from the GUI, navigate to NetScaler > Rewrite > Policies > Add.

[Screenshot: Request Rewrite Policies]

[Screenshot: Response Rewrite Policies]

To bind the policies using the Rewrite Policy Manager, from the GUI, navigate to NetScaler > Rewrite. Select from the main window.

Create Rewrite Bind Point

Once the Policies and Actions are defined, you need to bind them to make them active on request and response headers. To bind rewrite policies to Request Override, Request Default, Response Override or Response Default, you will need to do this through the Rewrite Policy Manager. Once inside the Rewrite Policy Manager, click-and-drag the policy from the center ‘available-policies’ over to the left side ‘configured-policies’. Here is where you also set the priority of the policy. A lower priority number indicates a higher priority.

NOTE: In the example used in this deployment guide we chose to bind the Request Rewrite policies to the Request Override, which has the effect of applying this policy to all traffic that flows through the Application Switch. The Response Rewrite policies were bound to the Load Balancing VIP only, which means that they were applied only to the traffic that flowed through that Load Balancing VIP. This was done to demonstrate that policies can be bound to traffic either way.

To bind rewrite policies to a Load Balancing or Content Switching VIP, you need to apply these policies directly to the VIP within the Load Balancing or Content Switching module. To bind the policy, check mark the policy, and set a priority. Lower priority numbers indicate a higher priority. Be sure to set the Goto Expression to go to the next Priority.

To bind the response rewrite policies to the Load Balancing VIP, from the GUI, navigate to NetScaler > Load Balancing > Policies tab.

Appendix A - NetScaler Application Switch Configuration

Primary NetScaler

> #NS8.0 Build 53.2
set ns config -IPAddress 10.217.104.51 -netmask 255.255.255.0
enable ns feature REWRITE
set interface 0/1 -speed AUTO -duplex AUTO -autoneg ENABLED -haMonitor ON -trunk OFF -lacpMode DISABLED -throughput 0
set interface 1/2 -speed AUTO -duplex AUTO -flowControl RX -autoneg ENABLED -haMonitor OFF -trunk OFF -lacpMode DISABLED -throughput 0
set interface 1/5 -speed AUTO -duplex AUTO -flowControl RX -autoneg ENABLED -haMonitor OFF -trunk OFF -lacpMode DISABLED -throughput 0
add HA node 2 10.217.104.52
add ns ip 10.217.104.54 255.255.255.0 -vServer DISABLED -gui SECUREONLY -mgmtAccess ENABLED
add ns ip 67.97.253.83 255.255.255.248 -vServer DISABLED -mgmtAccess ENABLED
add ns ip 10.217.104.53 255.255.255.0 -type MIP -vServer DISABLED -mgmtAccess ENABLED
add vlan 10
add vlan 11
bind vlan 10 -ifnum 1/2
bind vlan 11 -ifnum 1/5
bind vlan 11 -IPAddress 67.97.253.83 255.255.255.248
add vrID 60
bind vrID 60 -ifnum 0/1
add lb vserver LBVS89 HTTP 67.97.253.91 8000 -persistenceType NONE -lbMethod ROUNDROBIN -cltTimeout 180
add rewrite action req_act_replaceHostname replace "HTTP.REQ.HEADER(\"Host\")" "\"accel82.citrix.com\""
add rewrite action req_act_replaceHttpVer replace HTTP.REQ.VERSION.MINOR "\"0\""
add rewrite action req_act_removeTEHeader delete_http_header TE
add rewrite action req_act_insertConnKalive insert_http_header Connection "\"Keep-Alive\""
add rewrite policy req_pol_replaceHostpol "HTTP.REQ.HEADER(\"Host\").EQ(\"accel91.citrix.com\")" req_act_replaceHostname NOREWRITE
add rewrite policy req_pol_replaceHttpVer "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_replaceHttpVer NOREWRITE
add rewrite policy req_pol_removeTEHeader "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_removeTEHeader NOREWRITE
add rewrite policy req_pol_insertConnHeader "HTTP.REQ.HOSTNAME.SERVER.EQ(\"accel91.citrix.com\")" req_act_insertConnKalive NOREWRITE


add rewrite action res_act_replaceHostInContent89 replace_all HTTP.RES.BODY(10000000) "\"http://accel91.citrix.com\"" -pattern http://accel82.citrix.com
add rewrite action res_act_replaceHostnameResp89 replace "HTTP.RES.HEADER(\"Host\")" "\"http://accel91.citrix.com\""
add rewrite action res_act_replaceHeaderRedirect89 replace_all "HTTP.RES.HEADER(\"Location\")" "\"http://accel91.citrix.com\"" -pattern http://accel82.citrix.com
add rewrite policy res_pol_replaceHostpolResp89 TRUE res_act_replaceHostnameResp89 NOREWRITE
add rewrite policy res_pol_replaceContent89 TRUE res_act_replaceHostInContent89 NOREWRITE
add rewrite policy res_pol_replaceRedirect89 TRUE res_act_replaceHeaderRedirect89 NOREWRITE
bind rewrite global req_pol_replaceHostpol 10 20 -type REQ_OVERRIDE
bind rewrite global req_pol_replaceHttpVer 20 30 -type REQ_OVERRIDE
bind rewrite global req_pol_removeTEHeader 30 40 -type REQ_OVERRIDE
bind rewrite global req_pol_insertConnHeader 40 END -type REQ_OVERRIDE
set rewrite param -undefAction NOREWRITE
bind lb vserver LBVS89 OracleApplication
bind lb vserver LBVS89 -policyName res_pol_replaceRedirect89 -priority 100 -gotoPriorityExpression 110 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceHostpolResp89 -priority 110 -gotoPriorityExpression 120 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceContent89 -priority 120 -gotoPriorityExpression END -type RESPONSE
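The binding advice earlier in this guide (set a priority, and point the Goto Expression at the next priority) can be checked against an exported configuration before it is applied. The following Python script is an added example, not part of the original guide or of any Citrix tooling; it recognises only the two bind-line forms that appear in Appendix A, and the function names are hypothetical.

```python
import re

# Rewrite bind lines copied from Appendix A of this guide.
APPENDIX_BINDS = """\
bind rewrite global req_pol_replaceHostpol 10 20 -type REQ_OVERRIDE
bind rewrite global req_pol_replaceHttpVer 20 30 -type REQ_OVERRIDE
bind rewrite global req_pol_removeTEHeader 30 40 -type REQ_OVERRIDE
bind rewrite global req_pol_insertConnHeader 40 END -type REQ_OVERRIDE
bind lb vserver LBVS89 -policyName res_pol_replaceRedirect89 -priority 100 -gotoPriorityExpression 110 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceHostpolResp89 -priority 110 -gotoPriorityExpression 120 -type RESPONSE
bind lb vserver LBVS89 -policyName res_pol_replaceContent89 -priority 120 -gotoPriorityExpression END -type RESPONSE
"""

# Assumption: only the two bind forms shown in Appendix A are recognised.
GLOBAL_RE = re.compile(r"bind rewrite global (\S+) (\d+) (\S+) -type (\S+)")
VIP_RE = re.compile(r"bind lb vserver (\S+) -policyName (\S+) -priority (\d+)"
                    r" -gotoPriorityExpression (\S+) -type (\S+)")

def parse_binds(text):
    """Group bindings by bind point: {(scope, type): [(priority, goto, policy)]}."""
    points = {}
    for line in map(str.strip, text.splitlines()):
        if m := GLOBAL_RE.fullmatch(line):
            policy, prio, goto, typ = m.groups()
            scope = "global"
        elif m := VIP_RE.fullmatch(line):
            scope, policy, prio, goto, typ = m.groups()
        else:
            continue  # not a rewrite policy binding, e.g. a service binding
        points.setdefault((scope, typ), []).append((int(prio), goto, policy))
    return points

def check_chains(text):
    """Return problems where a goto does not lead to the next bound priority."""
    problems = []
    for (scope, typ), binds in parse_binds(text).items():
        binds.sort()
        prios = [b[0] for b in binds]
        if len(set(prios)) != len(prios):
            problems.append(f"{scope}/{typ}: duplicate priority")
        for i, (prio, goto, policy) in enumerate(binds):
            expected = str(prios[i + 1]) if i + 1 < len(binds) else "END"
            if goto != expected:
                problems.append(f"{scope}/{typ}: {policy} at {prio} goes to "
                                f"{goto}, expected {expected}")
    return problems

if __name__ == "__main__":
    print(check_chains(APPENDIX_BINDS) or "all chains reach END in order")
```

A goto that names a priority with no policy bound to it, or an END placed before the last policy, is reported with the bind point and policy name so the offending line can be found in the configuration.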


Citrix Worldwide

Worldwide headquarters
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309 USA
T +1 800 393 1888
T +1 954 267 3000

Regional headquarters

Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054 USA
T +1 408 790 8000

Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen Switzerland
T +41 52 635 7700

Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 3201, 32nd Floor
One International Finance Centre
1 Harbour View Street
Central Hong Kong
T +852 2100 5000

Citrix Online division
5385 Hollister Avenue
Santa Barbara, CA 93111 USA
T +1 805 690 6400

www.citrix.com

About Citrix

Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted name in application delivery infrastructure. More than 200,000 organizations worldwide rely on Citrix to deliver any application to users anywhere with the best performance, highest security and lowest cost. Citrix customers include 100% of the Fortune 100 companies and 98% of the Fortune Global 500, as well as hundreds of thousands of small businesses and prosumers. Citrix has approximately 6,200 channel and alliance partners in more than 100 countries. Annual revenue in 2006 was $1.1 billion.

Citrix®, NetScaler®, GoToMyPC®, GoToMeeting®, GoToAssist®, Citrix Presentation Server™, Citrix Password Manager™, Citrix Access Gateway™, Citrix Access Essentials™, Citrix Access Suite™, Citrix SmoothRoaming™ and Citrix Subscription Advantage™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. UNIX® is a registered trademark of The Open Group in the U.S. and other countries. Microsoft®, Windows® and Windows Server® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.
