Responder Action and Policy Examples

Responder actions and policies are powerful and complex, but you can get started with relatively simple applications.

Example: Blocking Access from Specified IPs

The following procedures block access to your protected Web site(s) by clients originating from the CIDR 222.222.0.0/16. The responder sends an error message stating that the client is not authorized to access the URL requested.

To block access by using the Citrix ADC command line:

At the command prompt, type the following commands to block access:

• add responder action act_unauthorized respond with “HTTP/1.1 403 Forbidden\r\n\r\n” + “Client: “ + CLIENT.IP.SRC + “ is not authorized to access URL:” + “HTTP.REQ.URL.HTTP_URL_SAFE”’
• add responder policy pol_un “CLIENT.IP.SRC.IN_SUBNET (222.222.0.0/16)” act_unauthorized
• bind responder global pol_un 10

To block access by using the GUI:

1. In the navigation pane, expandResponder, and then clickActions.
2. In the details pane, clickAdd.
3. In theCreate Responder Actiondialog box, do the following:
   1. In theNametext box, type act_unauthorized.
   2. Under Type, select Respond with.
   3. In the Target text area, type the following string: “HTTP/1.1 403 Forbidden\r\n\r\n” + “Client: “ + CLIENT.IP.SRC + “ is not authorized to access URL:” + HTTP.REQ.URL.HTTP_URL_SAFE
   4. ClickCreate, and then clickClose. The responder action you configured, named act_unauthorized, now appears in theResponder Actionspage.
4. In the navigation pane, clickPolicies.
5. In the details pane, clickAdd.
6. In theCreate Responder Policydialog box, do the following:
   1. 的名字text box, type pol_unauthorized.
   2. UnderAction, select act_unauthorized.
   3. In theExpressionwindow, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
   4. ClickCreate, then clickClose. The responder policy you configured, named pol_unauthorized, now appears in theResponder Policiespage.
7. Globally bind your new policy, pol_unauthorized, as described inBinding a Responder Policy.

Example: Redirecting a client to a new URL

The following procedures redirect clients who access your protected Web site(s) from within the CIDR 222.222.0.0/16 to a specified URL.

To redirect clients by using the Citrix ADC command line:

At the command prompt, type the following commands to redirect clients and verify the configuration:

• add responder action act_redirect redirect""
• show responder action act_redirect
• add responder policy pol_redirect “CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)” act_redirect
• show responder policy pol_redirect
• bind responder global pol_redirect 10

Example:

> add responder action act_redirect redirect `" http ://www.example.com/404.html "` Done > add responder policy pol_redirect "CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)" act_redirect Done 

To redirect clients by using the GUI:

1. Navigate toAppExpert>Responder>Actions.
2. In the details pane, clickAdd.
3. In theCreate Responder Actiondialog box, do the following:
   1. In theNametext box, type act_redirect.
   2. Under Type, selectRedirect.
   3. In theTargettext area, type the following string:""
   4. ClickCreate, then clickClose. The responder action you configured, named act_redirect, now appears in theResponder Actionspage.
4. In the navigation pane, clickPolicies.
5. In the details pane, clickAdd.
6. In theCreate Responder Policydialog box, do the following:
   1. In theNametext box, type pol_redirect.
   2. UnderAction, select act_redirect.
   3. In theExpressionwindow, type the following rule: CLIENT.IP.SRC.IN_SUBNET(222.222.0.0/16)
   4. ClickCreate, then clickClose. The responder policy you configured, named pol_redirect, now appears in theResponder Policiespage.
7. Globally bind your new policy, pol_redirect, as described inBinding a Responder Policy.