Professional Documents
Culture Documents
Contents
HTTP Callouts..................................................................................................
10
15
16
18
20
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
38
39
40
41
42
43
44
45
HTTP Callouts
For certain types of requests, or when certain criteria are met during policy evaluation, you
might want to stall policy evaluation briefly, retrieve information from a server, and then
perform a specific action that depends on the information that is retrieved. At other times,
when you receive certain types of requests, you might want to update a database or the
content hosted on a Web server. HTTP callouts enable you to perform all these tasks.
An HTTP callout is an HTTP or HTTPS request that the NetScaler appliance generates and
sends to an external application when certain criteria are met during policy evaluation. The
information that is retrieved from the server can be analyzed by default syntax policy
expressions, and an appropriate action can be performed. You can configure HTTP callouts
for HTTP content switching, TCP content switching, rewrite, responder, and for the
token-based method of load balancing.
Before you configure an HTTP callout, you must set up an application on the server to
which the callout will be sent. The application, which is called the HTTP callout agent ,
must be configured to respond to the HTTP callout request with the required information.
The HTTP callout agent can also be a Web server that serves the data for which the
NetScaler appliance sends the callout. You must make sure that the format of the response
to an HTTP callout does not change from one invocation to another.
After you set up the HTTP callout agent, you configure the HTTP callout on the NetScaler
appliance. Finally, to invoke the callout, you include the callout in a default syntax policy
in the appropriate NetScaler feature and then bind the policy to the bind point at which you
want the policy to be evaluated.
After you have configured the HTTP callout, you must verify the configuration to make sure
that the callout is working correctly.
> set policy httpCallout mycallout -vserver lbv1 -returnType num -httpMethod GET -hostExpr 'http.re
-urlStemExpr "http.req.url" -parameters Name("My Name") -headers Name("MyHeader")
-resultExpr "http.res.body(10000).length"
> set policy httpCallout mycallout1 -vserver lbv1 -returnType num -httpMethod GET
-fullReqExpr q{"GET " + http.req.url + "HTTP/" + http.req.version.major + "." + http.req.version.mino
"r\nHost:10.101.10.10\r\nAccept: */*\r\n\r\n"}
3. Verify the configurations of the HTTP callout.
show policy httpCallout <name>
11
12
14
Indicates that
The state of the server that hosts the HTTP callout agent, or the load
balancing, content switching, or cache redirection virtual server to which
the HTTP callout is sent is UP.
The state of the server that hosts the HTTP callout agent, or the load
balancing, content switching, or cache redirection virtual server to which
the HTTP callout is sent is OUT OF SERVICE.
The state of the server that hosts the HTTP callout agent, or the load
balancing, content switching, or cache redirection virtual server to which
the HTTP callout is sent is DOWN.
For an HTTP callout to function correctly, the icon must be green at all times. If the icon is
not green, check the state of the callout server or virtual server to which the HTTP callout
is sent. If the HTTP callout is not working as expected even though the icon is green, check
the parameters configured for the callout.
You can also verify the configuration by sending test requests that match the policy from
which the HTTP callout is invoked, checking the hits counter for the policy and the HTTP
callout, and verifying the responses that the NetScaler appliance sends to the client.
Note: An HTTP callout can sometimes invoke itself recursively a second time. If this
happens, the hits counter is incremented by two counts for each callout that is generated
by the appliance. For the hits counter to display the correct value, you must configure
the HTTP callout in such a way that it does not invoke itself a second time. For more
information about how you can avoid HTTP callout recursion, see "Avoiding HTTP Callout
Recursion."
15
16
17
> set policy httpCallout myCallout -IPAddress 10.102.3.95 -port 80 -returnType TEXT -hostExpr "\"10.102.3.95
Done
18
Note: You can also configure an expression to check whether the URL of the request
includes the URL stem expression that is configured for the HTTP callout. If you want to
implement this scenario, make sure that the HTTP callout agent is dedicated to respond
only to HTTP callouts and not to other client requests directed through the appliance. If
the HTTP callout agent is an application or Web server that serves other client requests,
such an expression will prevent the appliance from processing those client requests.
Instead, use a unique custom header as described earlier.
19
20
21
22
23
Enabling Responder
You must enable responder before you can use it.
24
Value
Name
HTTP-Callout-1
10.103.9.95
Port
80
GET
Host Expression
10.102.3.95
"/cgi-bin/check_clnt_from_database.pl"
Headers
Name
Request
Value-expression
Callout Request
Parameters
Name
Cip
Value-expression
CLIENT.IP.SRC
Server Response
25
Return Type
TEXT
HTTP.RES.BODY(100)
26
#!/usr/bin/perl -w
print "Content-type: text/html\n\n";
use DBI();
use CGI qw(:standard);
#Take the Client IP address from the request query
my $ip_to_check = param('cip');
# Where a MYSQL database is running
my $dsn = 'DBI:mysql:BAD_CLIENT:localhost';
# Database username to connect with
my $db_user_name = dbuser;
# Database password to connect with
my $db_password = 'dbpassword';
my ($id, $password);
# Connecting to the database
my $dbh = DBI->connect($dsn, $db_user_name, $db_password);
my $sth = $dbh->prepare(qq{ select * from bad_clnt });
$sth->execute();
while (my ($ip_in_database) = $sth->fetchrow_array()) {
chomp($ip_in_database);
# Check for IP match
if ($ip_in_database eq $ip_to_check) {
print "\n IP Matched\n";
$sth->finish();
exit;
}
}
print "\n IP Failed\n";
$sth->finish();
exit;
27
28
Enabling Rewrite
Rewrite must be enabled before it is used on the NetScaler appliance. The following
procedure describes the steps to enable the rewrite feature.
29
Value
Name
HTTP-Callout-2
10.102.56.51
Port
80
GET
Host Expression
10.102.56.51:80
"HTTP.RES.BODY(500).AFTER_STR(\"src=\").BEFORE_STR(\
"/>\")"
Headers
Name
Name
Value-expression
Callout
Server Response
30
Return Type
TEXT
HTTP.RES.BODY(100)
Value
Name
Action-Rewrite-1
Type
Replace
"HTTP.RES.BODY(500).AFTER_STR (\"
<example>\").BEFORE_STR
(\"</example>\")"
"SYS.HTTP_CALLOUT(HTTP-Callout-2)"
31
Value
Name
Policy-Rewrite-1
Action
Action_Rewrite-1
Expression
"HTTP.REQ.HEADER(\"Name\").CONTAINS
(\"Callout\").NOT"
32
33
Enabling Responder
The responder feature must be enabled before it is used on the NetScaler appliance.
34
Value
Name
HTTP-Callout-3
10.103.9.95
Port
80
GET
Host Expression
10.102.3.95
/cgi-bin/authenticate.pl
Headers
Name
Request
Value-expression
Callout Request
Parameters
Name
Username
Value-expression
HTTP.REQ.HEADER("Username").VALUE(0)
Name
Password
Value-expression
HTTP.REQ.HEADER("Password").VALUE(0)
Server Response
35
Return Type
TEXT
HTTP.RES.BODY(100)
Value
Name
Policy-Responder-3
Action
RESET
Undefined-Result-Action
Expression
37
38
39
Enabling Responder
The responder feature must be enabled before it can be used on the NetScaler appliance.
40
Value
Name
HTTP-Callout-4
10.103.56.51
Port
80
POST
Host Expression
fffffff
URL Stem
Expression
"/cgi-bin/Callout/spam_filter.pl"
Headers
Name
Request
Value-expression
Callout Request
Parameters
Name
Subject
Value-expression
("\"" +
HTTP.REQ.BODY(1000).AFTER_STR("urn:schemas:httpmail:subject=").BEFORE_STR("\n").TO_LOWER +
"\"")
Server Response
Return Type
BOOL
Expression to
extract data from
the response
HTTP.RES.BODY(100) .CONTAINS(\"Matched\")
41
Value
Name
Action-Responder-4
Type
Respond with
Target
42
Value
Name
Policy-Responder-4
Action
Action-Responder-4
Undefined-Result-Action
Expression
"HTTP.REQ.BODY(1000).CONTAINS(\"urn:schemas:httpmail:subject\")
&& SYS.HTTP_CALLOUT(HTTP-Callout-4)"
43
44
> set policy httpCallout http_callout1 -IPAddress 10.217.14.23 -port 80 -returnType TEXT -hostExpr "\"ww
4. Configure the content switching action to retrieve the callout response.
> add cs action cs_action1 -targetVserverExpr 'SYS.HTTP_CALLOUT(http_callout1)'
Note: You must bind a load balancing virtual server to the content switching virtual
server to account for:
The non-availability of the load balancing virtual server that the callout resolves to.
45