Policy Management Guide for the BIG-IP WebAccelerator System


  • 8/22/2019 Policy Management Guide for the BIG-IP WebAccelerator System


    Policy Management Guide for the BIG-IP WebAccelerator System

    version 1

    MAN-02


    Product Version

    This manual applies to product version 10.2 of the BIG-IP WebAccelerator.

    Publication Date

    This manual was published on August 17, 2011.

    Legal Notices

    Copyright

    Copyright 2008-2011, F5 Networks, Inc. All rights reserved.

    F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

    Trademarks

    F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Edge Client, Edge Gateway, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity, Protocol Security Module, PSM, Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WAN Optimization Module, WOM, WebAccelerator, WA, and ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.

    All other product and company names herein may be trademarks of their respective owners.

    Patents

    This product protected by U.S. Patent[s] 6,505,230; 6,640,240; 6,772,203; 6,970,933; 7,113,962; and 7,114,180. Other patents pending.

    Export Regulation Notice

    This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.

    RF Interference Warning

    This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

    FCC Compliance

    This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference.

    Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.


    Canadian Regulatory Compliance

    This Class A digital apparatus complies with Canadian ICES-003.

    Standards Compliance

    This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.

    Acknowledgments

    This product includes software developed by the University of California, Berkeley and its contributors.

    This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory.

    This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

    This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

    This product includes software developed by Adam Glass.

    This product includes software developed by Christian E. Hopps.

    This product includes software developed by Dean Huxley.

    This product includes software developed by John Kohl.

    This product includes software developed by Paul Kranenburg.

    This product includes software developed by Terrence R. Lambert.

    This product includes software developed by Philip A. Nelson.

    This product includes software developed by Herb Peyerl.

    This product includes software developed by Jochen Pohl for the NetBSD Project.

    This product includes software developed by Chris Provenzano.

    This product includes software developed by Theo de Raadt.

    This product includes software developed by David Muir Sharnoff.

    This product includes software developed by SigmaSoft, Th. Lockert.

    This product includes software developed for the NetBSD Project by Jason R. Thorpe.

    This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.

    This product includes software developed for the NetBSD Project by Frank Van der Linden.

    This product includes software developed for the NetBSD Project by John M. Vinopal.

    This product includes software developed by Christos Zoulas.

    This product includes software developed by Charles Hannum.

    This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and the GPL.

    This product includes software written by Makamaka Hannyaharamitu (C) 2007-2008.

    This product includes software developed by Charles Hannum, by the University of Vermont and State Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California, Berkeley, Lawrence Berkeley Laboratory, and its contributors.

    This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman.

    In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems. "Similar operating systems" includes mainly non-profit oriented systems for research and education, including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).

    In the following statement, "This software" refers to the parallel port driver: This software is a component of "386BSD" developed by William F. Jolitz, TeleMuse.

    This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/).

    This product includes software developed by Darren Reed. (© 1993-1998 by Darren Reed).

    This product includes software licensed from Richard H. Porter under the GNU Library General Public License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.


    This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at http://www.perl.com.


    This product includes software developed by Eric Young.

    Portions of the material included in Appendix C came from the Internet Software Consortium, http://www.isc.org/.

    Rsync was written by Andrew Tridgell and Paul Mackerras, and is available under the Gnu Public License.

    This product includes Malloc library software developed by Mark Moraes. (© 1988, 1989, 1993, University of Toronto).


    This product includes open SSL software developed by Eric Young ([email protected]), (© 1995-1998).

    This product includes open SSH software developed by Tatu Ylonen , Espoo, Finland (© 1995).

    This product includes open SSH software developed by Niels Provos (© 1999).

    This product includes SSH software developed by Mindbright Technology AB, Stockholm, Sweden, www.mindbright.se, [email protected] (© 1998-1999).

    This product includes free SSL software developed by Object Oriented Concepts, Inc., St. John's, NF, Canada, (© 2000).

    This product includes software developed by Object Oriented Concepts, Inc., Billerica, MA, USA (© 2000).

    This product includes software developed by The Legion of the Bouncy Castle. Copyright (c) 2000 - 2009 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)


    Table of Contents


    1 Getting Started with the WebAccelerator System
        About the WebAccelerator system
        About this guide
        Reviewing the documentation set
        Finding help and technical support resources

    2 Using Acceleration Policies
        Overview of acceleration policies
        Types of acceleration policies
        Managing your acceleration policies
        Customizing acceleration policies
        Creating a user-defined acceleration policy
        Creating a signed acceleration policy
        Publishing acceleration policies
        Saving an acceleration policy to an XML file

    3 Using the Policy Editor
        Overview of the Policy Editor screen
        Using the Policy Tree
        Policy Tree example
        Understanding acceleration policy rule inheritance
        Inheriting rule parameters
        Overriding inherited rule parameters
        Modifying a Policy Tree for an acceleration policy

    4 Using HTTP Headers to Configure Acceleration Policy Rules
        Using HTTP header parameters to process requests
        Requirements for servicing requests
        Requirements for caching responses
        Configuring rules based on HTTP request headers
        Specifying HTTP data type parameters for a rule
        Configuring rules based on HTTP response headers
        Classifying responses
        Applying associated acceleration policy rules
        Assembling responses
        Using regular expressions and meta tags for rules
        Supported regular expression strings
        Supported meta characters
        Managing Cache-Control response headers
        Honoring HTTP request and response header no-cache directives
        Using max-age value for compiled responses
        Using ESI Surrogate-Control headers
        Supported Surrogate-Control directives
        Overriding HTTP Cache-Control headers
        Using surrogate targeting
        Viewing X-PvInfo response headers
        S code
        C code
        A code


        R code
        G code
        U code

    5 Configuring Matching Rules
        Overview of application matching
        Application matching based on node precedence
        Additional application matching considerations
        Processing unmatched requests
        Configuring an example matching rule

    6 Configuring Variation Rules
        Overview of variation rules
        Using variation rules to increase cache efficiency
        Using variation rules to serve user-specific content
        Defining variation rule parameters
        Using value groups
        Managing conflicting rule parameters
        Configuring an example variation rule

    7 Configuring Assembly Rules
        Overview of assembly rules
        Using the Intelligent Browser Referencing feature
        Enabling the Intelligent Browser Referencing feature
        Intelligent Browser Referencing example
        Using the MultiConnect feature
        Enabling the MultiConnect feature
        Using content compression
        Enabling content compression
        Managing content served from origin web servers
        Enabling content assembly on proxies feature
        Using parameter value substitution
        Configuring value substitution parameters for an assembly rule
        Specifying advanced assembly options
        Configuring an example assembly rule

    8 Configuring Proxying Rules
        Overview of proxying rules
        Configuring example proxy rule parameters
        Enabling the Always proxy requests for this node setting
        Configuring an example proxy override rule
        Configuring an example proxying rule

    9 Configuring Lifetime Rules
        Overview of lifetime rules
        Understanding lifetime mechanism precedence


        Defining Header Lifetime Option settings
        Obey ESI max-age headers if present
        Use HTTP lifetime headers if present
        Configuring the WebAccelerator Cache Settings
        Maximum Age
        Stand-in Period
        HTTP Lifetime Heuristic
        Configuring the Client Cache Settings
        Do not change
        Maximum Age
        Insert no-cache header
        Configuring an example lifetime rule

    10 Configuring Invalidations Rules
        Overview of invalidations rules
        Triggering invalidation
        Setting the lifetime for invalidations rules
        Defining invalidations rule parameters
        Request Header Matching Criteria
        Cached Content to Invalidate
        Configuring an example invalidations rule

    11 Configuring Responses Cached Rules
        Overview of responses cached rules
        Caching HTML content
        Caching content based on response status codes
        Configuring an example responses cached rule

    12 Specifying Log Formats for Hit Logs
        Using hit logs
        Selecting a standard log format for hit logs
        Standard log format examples
        Creating a custom log format for hit logs
        Configuring an example customized hit log format

    Glossary

    Index


    1 Getting Started with the WebAccelerator System

    About the WebAccelerator system

    Reviewing the documentation set

    Finding help and technical support resources


    About the WebAccelerator system

    The BIG-IP WebAccelerator system is a delivery solution designed to improve the speed at which users access your web applications (such as Microsoft SharePoint, Microsoft Outlook Web Access, BEA AquaLogic, SAP Portal, Oracle Siebel CRM, Oracle Portal, and others) and wide area network (WAN).

    The WebAccelerator system does this through acceleration policy features that modify web browser behavior and that compress and cache dynamic and static content, which decreases bandwidth usage and ensures that your users get the quickest and most efficient access to your web applications and WAN. These processes, and deployment options, are discussed in the following sections.

    The BIG-IP WebAccelerator system is one of several products that constitute the BIG-IP product family. All BIG-IP products run on the Traffic Management Operating System, commonly referred to as TMOS. For an overview of the complete BIG-IP product offering, see the Introduction to the BIG-IP System chapter of the TMOS Management Guide for BIG-IP Systems.

    About this guide

    This guide provides the detailed information that you need to manage and customize your acceleration policies. Read this guide only after you have configured the WebAccelerator system using the information provided in the Configuration Guide for the BIG-IP WebAccelerator System.


    Reviewing the documentation set

    The WebAccelerator system documentation set consists of the following items:

    Configuration Guide for the BIG-IP WebAccelerator System
    Describes the core product concepts and provides the procedures for configuring and monitoring the WebAccelerator system.

    Policy Management Guide for the BIG-IP WebAccelerator System
    Provides information about creating and editing policies to tailor the WebAccelerator system for optimal performance.

    Release notes
    Provide information about new features, fixes, known issues, and workarounds.

    Online help
    Provides context-sensitive description of each control and setting on each screen.

    Additionally, you must review specific chapters in the following guides:

    BIG-IP Systems: Getting Started Guide
    For information about performing the required configuration for the BIG-IP Local Traffic Manager, as well as information about installing, enabling, and configuring resource provisioning for the WebAccelerator system license.

    Configuration Guide for BIG-IP Local Traffic Manager
    For information about how to define a virtual server and pool.

    TMOS Management Guide for BIG-IP Systems
    For an overview of the complete BIG-IP product offering.


    Finding help and technical support resourcesYou can find technical documentation and product information using the

    following resources:

    Welcome screen in the Configuration utilityThe Welcome screen in the Configuration utility contains links to many

    useful web sites and resources, including:

    The F5 Networks Technical Support web site

    The F5 Solution Center

    The F5 DevCentralSM web site

    Plug-ins, SNMP MIBs, and SSH clients

    Online help

    The WebAccelerator system provides context-sensitive online help for

    each screen. The online help contains descriptions of each control and setting on the screen. To access the online help, click the Help tab on the

    left navigation pane of the Configuration utility.

    F5 Networks Technical Support web site

    The F5 Networks Technical Support web site provides the latest

    documentation set for the product, including:

    Release notes, current and past

    Software and hardware guides, current and past (in PDF and HTML

    format)

    Technical notes

    The Ask F5SM Knowledge Base

    To access the F5 Networks Technical Support web site, you need to

    register at https://support.f5.com.


    2 Using Acceleration Policies

    Overview of acceleration policies

    Managing your acceleration policies

    Customizing acceleration policies

    Publishing acceleration policies

    Saving an acceleration policy to an XML file


    Overview of acceleration policies

    An acceleration policy is a collection of defined rule parameters that dictate

    how the BIG-IP WebAccelerator system handles HTTP requests and responses. The WebAccelerator system uses two types of rules to manage

    content: matching rules and acceleration rules. Matching rules are used to

    classify requests by object type and match the request to a specific

    acceleration policy. Once matched to an acceleration policy, the

    WebAccelerator system applies the associated acceleration rules to manage

    the requests and responses.

    Depending on the application specific to your site, information in requests

    can sometimes imply one type of response (such as a file extension of .jsp), when the actual response is a bit different (like a simple document). For this

    reason, the WebAccelerator system applies matching rules twice: once to

    the request, and a second time to the response. This means that a request and

    a response can match to different acceleration rules, but it ensures that the response is matched to the acceleration policy that is best suited to it.

    Tip

    See Chapter 4, Using HTTP Headers to Configure Acceleration Policy

    Rules, for details about how the WebAccelerator system performs matching

    on specific parameters in acceleration policy rules.

    Types of acceleration policies

    There are three types of acceleration policies that you can use to speed up

    the access to your web applications.

    Pre-defined Acceleration Policies

    The WebAccelerator system ships with several predefined acceleration

    policies that are optimized for specific web applications, as well as two

    non-application specific policies for general delivery, and one for an

    optional symmetric deployment.

    The general-delivery acceleration policies work well for sites that use

    Java 2 Platform Enterprise Edition (J2EE) applications, and are defined

    as follows:

    Level 1 Delivery

    Prompts the WebAccelerator system to send all requests for HTML

    pages to the origin web server for content, ignore any no-cache directives included in HTTP Cache-Control request headers, and use the cache response directives that it receives from the origin web

    server. This policy is compliant with HTML version 2.0.

    Level 2 Delivery

    Prompts the WebAccelerator system to cache HTML pages and set a

    lifetime setting for content to 0, use the Intelligent Browser

    Referencing feature only for documents and includes, ignore any

    no-cache directives included in HTTP Cache-Control request header,

    and use the cache response directives that it receives from the origin


    web server. This policy is compliant with HTML version 3.0, and

    later. In most cases, you should use this predefined policy for those

    applications for which there is no application-specific predefined

    policy available.

    User-defined Acceleration Policies

    A policy that you create by either copying an existing policy and

    modifying or adding rules, or by creating a new acceleration policy and

    specifying all new rules.

    Signed Acceleration Policies

    A policy created, certified, and encrypted by its author, such as a

    consultant or vendor. You can also create your own signed acceleration

    policy by configuring a user-defined acceleration policy, and signing it.

    After an acceleration policy is signed, you cannot view or modify the

    configured rules, as you can for predefined and user-defined acceleration

    policies.


    Managing your acceleration policies

    The Policies screen displays all of the acceleration policies that are available

    for assignment to your applications.

    To access the Policies screen

    In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    Figure 2.1 Example Policies screen

    From the Policies screen, you can access other screens, from which you can

    perform additional tasks.

    To view rules for an acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.


    2. Click the name of the acceleration policy you want to view.

    Note that you cannot view rules for a signed acceleration policy. For

    more information, see Creating a signed acceleration policy, on

    page 2-8.

    3. Click a node on the Policy Tree.

    The matching rules display for the selected node.

    4. From the Matching Rules list, choose Acceleration Rules.

    5. Click the name of an acceleration rule to view the configured rule

    parameters for the selected node.

    To rename a user-defined or signed acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to modify,

    click the Rename link.

    3. In the Name box, type a new name for the acceleration policy.

    4. In the Description box, type an optional description.

    5. Click the Rename button to save the changes.

    To delete a user-defined or signed acceleration policy

    WARNING

    Do not delete an acceleration policy unless you are sure that you do not ever want to refer to it again. You cannot recover a deleted acceleration

    policy. You can retain an acceleration policy to use later, even if you do not

    have an application that is currently using it.

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Select the check box next to an acceleration policy, and then click

    the Delete button.

    Note that you cannot delete a predefined acceleration policy.

    3. Confirm the deletion, keeping in mind that you cannot recover a

    deleted acceleration policy.

    To specify a logging format for an acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to modify,

    click the Logging link.

    Note that you cannot change the logging options for a predefined

    acceleration policy.


    3. To create individual logs for the HTTP and HTTPS protocols, select

    the Log HTTP and HTTPS requests separately check box.

    4. For each protocol you want to log, select the button next to the

    following options as required:

    Log all transactions

    Only log transactions served from cache

    Do not log

    5. If you select Log all transactions, or Only log transactions served

    from cache, then select a format for the logs from the Log Format list for each protocol.

    6. Click the Save button.

    For detailed information about logging options, see Chapter 12, Specifying Log Formats for Hit Logs.


    Customizing acceleration policies

    If you have a unique application for which you cannot use a predefined

    acceleration policy, you can create a new, user-defined acceleration policy or a signed acceleration policy.

    Before you can create a new acceleration policy, you need to analyze the

    type of traffic that your site's applications receive, and decide how you want

    the WebAccelerator system to manage those HTTP requests and responses.

    To help you do that, consider questions similar to those that follow.

    Which responses do I want the WebAccelerator system to cache?

    Are there responses for static documents that can remain in the

    WebAccelerator system's cache for several days before being refreshed?

    Which responses are dynamic documents that the WebAccelerator

    system should refresh hourly?

    Are there responses that the WebAccelerator system should never cache?

    After you decide how you want the WebAccelerator system to handle

    certain requests for your site, you can identify the HTTP data parameters

    that the WebAccelerator system uses to match requests and responses to the

    appropriate acceleration policies.

    For example, the path found on requests for static documents may be

    different than the path for dynamic documents. Or the paths may be similar,

    but the static documents are in PDF format and the dynamic documents are

    Word documents or Excel spreadsheets. These differences help you specify

    matching rules that prompt the WebAccelerator system to match the HTTP

    request to the acceleration policy that will handle the request and the

    response most expeditiously.

    Creating a user-defined acceleration policy

    You can create a user-defined acceleration policy most efficiently by

    copying an existing acceleration policy and modifying its rules to meet your

    unique requirements. Alternatively, you can create a new user-defined

    acceleration policy and define each matching rule and acceleration rule

    individually.

    When you copy or create an acceleration policy, the WebAccelerator system

    maintains that acceleration policy as a development copy until you publish

    it, at which time the WebAccelerator system creates a production copy. Only a production (published) copy of an acceleration policy is available for

    you to assign to an application. You can make as many changes as you like

    to the development copy of an acceleration policy without affecting current

    traffic to your applications.


    To copy an existing acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to copy,

    click the Copy link.

    3. In the Name box, type a descriptive name for the acceleration policy

    so you can easily identify it later.

    4. In the Description box, type an optional description.

    5. Click Copy.

    To view and modify an acceleration policy's rules

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click the name of the acceleration policy you want to view.

    3. Click the branch node for the type of content you want to modify or

    a leaf node for a specific page type.

    The matching rules display for the selected node, and you can make

    changes as required.

    4. From the Matching Rules list, choose Acceleration Rules.

    5. Click the name of an acceleration rule to view the configured rule

    parameters for the selected node, and make changes as required.

    See Modifying a Policy Tree for an acceleration policy, on page

    3-11.

    6. After you make the last change, click the Publish button from any

    screen within the Policy Editor.

    Alternatively, you can publish an acceleration policy from the

    Policies screen as described in Publishing acceleration policies, on

    page 2-10.

    The acceleration policy is now available for assignment to an application.

    To create a new user-defined acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click the Create button.

    3. In the Name box, type a descriptive name for the acceleration policy

    so you can easily identify it later.

    4. In the Description box, type an optional description.

    5. Click the Create button.

    6. Click the name of the acceleration policy that you created.


    7. Create the Policy Tree by defining branch nodes for the groups of

    content, and leaf nodes for specific content.

    8. Click a node and specify the matching and acceleration rules.

    For more information, see Modifying a Policy Tree for an acceleration policy, on page 3-11.

    9. After you make the last change, click the Publish button from any screen within the Policy Editor.

    Alternatively, you can publish an acceleration policy from the

    Policies screen as described in Publishing acceleration policies, on

    page 2-10.

    The acceleration policy is now available for assignment to an application.

    Creating a signed acceleration policy

    A signed acceleration policy is encrypted and certified by its author and

    customized to work specifically for an application. You cannot view or

    modify the specific rules for a signed acceleration policy; the policy is

    locked.

    You can import a signed acceleration policy from several sources, such as

    the publisher of a specific application or a consultant, or you can sign a

    user-defined policy that you have created and customized.

    To sign an acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to sign,

    click the Sign link.

    3. From the SSL Certificate(s) to encrypt to list, select one or more

    SSL certificates that you want to use for the signed acceleration

    policy.

    Alternatively, you can create a new SSL certificate and key, or

    import one by clicking the Create or Import link. For specific

    information about creating or importing SSL certificates and keys

    refer to the online help, or see the Managing keys and certificates

    section in the Managing SSL Traffic chapter of the Configuration

    Guide for BIG-IP Local Traffic Manager.

    4. From the Signing SSL Certificate private key list, select the

    private key that you want to use.

    5. Click the Export button.

    6. Click the Save button.

    7. Navigate to the location where you want to save the file.

    8. Click the Save button.


    Once you sign and save the acceleration policy to an XML file, you can load

    it onto any system running the same version of the WebAccelerator system

    software. Then, you can publish it and make it available for assignment to

    your applications. See Publishing acceleration policies, on page 2-10.

    To import a signed acceleration policy

    Important

    Before importing a signed acceleration policy, you must first import the SSL

    certificate of the system on which the policy was signed. For a symmetric

    deployment, the signed acceleration policy must be signed against each

    WebAccelerator system in the deployment. For specific information about

    importing SSL certificates and keys, refer to the online help, or see the

    Managing keys and certificates section in the Managing SSL Traffic

    chapter of the Configuration Guide for BIG-IP Local Traffic Manager.

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click the Import button.

    3. Click the Browse button to browse to the location of the XML file

    you want to import.

    4. Specify whether you want to replace the existing acceleration

    policy:

    If you do not want to replace the existing acceleration policy,

    clear the Overwrite existing policy of the same name check box. You can rename the acceleration policy after you import it.

    If you want to replace an existing acceleration policy with the

    imported acceleration policy with the same name, select the

    Overwrite existing policy of the same name check box.

    Tip

    If you have more than one application that requires the same signed

    acceleration policy, but with different logging options, you can copy the

    signed acceleration policy and modify the logging options as required. See

    To copy an existing acceleration policy, on page 2-7. For more information

    about logging options, see Chapter 12, Specifying Log Formats for Hit

    Logs.


    Publishing acceleration policies

    When you modify rules for a user-defined acceleration policy that is

    currently assigned to an application, the WebAccelerator system creates a development copy and continues to use the currently published (production)

    copy to manage requests. The WebAccelerator system uses the modified

    acceleration policy to manage traffic only after you publish it.

    If you create a new acceleration policy, you must publish it before you can

    assign it to an application.

    To publish an acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to publish,

    click the Publish link.

    3. In the Comment box, type any optional text that you want displayed

    with the publishing details, such as a brief summary of the changes

    you made.

    4. Click Publish Now.


    Saving an acceleration policy to an XML file

    You can use the export feature to save an acceleration policy to an XML

    file. We recommend that you use the export feature every time you change a user-defined acceleration policy, so that you always have a copy of the most

    recent acceleration policy. You can use this file for backup and archival

    purposes, or to provide to the F5 Networks Technical Support team for

    troubleshooting issues.

    To save an acceleration policy to an XML file

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. In the Tools column for the acceleration policy you want to export,

    click the Export link.

    3. From the Export list, select one of the following:

    Published Policy

    Select this option to export an acceleration policy that an

    application is currently using. If the acceleration policy has not

    been published, this option does not display.

    Development Policy

    Select this option to export an unpublished acceleration policy.

    4. Click the Export button.

    5. Click the Save button.

    6. Navigate to the location where you want to save the file.

    7. Click the Save button.

    To import a saved acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click Import.

    3. Click the Browse button to browse to the location of the XML file

    you want to import.

    4. Specify whether you want to replace the existing acceleration

    policy:

    If you do not want to replace the existing acceleration policy,

    clear the Overwrite existing policy of the same name check box. You can rename the acceleration policy after you import it.

    If you want to replace an existing acceleration policy with the

    imported acceleration policy of the same name, select the

    Overwrite existing policy of the same name check box.


    After you import an acceleration policy, you can publish it to make it

    available for assignment to your applications.


    3 Using the Policy Editor

    Overview of the Policy Editor screen

    Using the Policy Tree

    Understanding acceleration policy rule inheritance

    Modifying a Policy Tree for an acceleration policy


    Overview of the Policy Editor screen

    From the Policy Editor screen, you can view the matching rules and

    acceleration rules for user-defined and predefined acceleration policies, as well as create or modify user-defined acceleration policies.

    To access the Policy Editor screen

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click the name of a user-defined or predefined acceleration policy.

    The Policy Editor screen opens, where you can view the matching

    rules and acceleration rules for the selected acceleration policy.

    Note

    You cannot view or modify the rules for a signed acceleration policy. For more information, see Creating a signed acceleration policy, on page 2-8.

    Figure 3.1 Policy Editor screen for an example acceleration policy


    There are three main parts to the Policy Editor screen:

    Policy Tree

    Located on the left side of the Policy Editor screen, the Policy Tree

    contains branch nodes and leaf nodes. A branch node represents a group of content types (such as application generated or static) and each leaf

    node represents specific content (such as images, includes, PDF

    documents, or Word documents).

    The Policy Tree function bar includes the following options:

    Add

    Use to create a new content type group (branch node) or a new

    content type (leaf node).

    Rename

    Use to change the name of a branch or leaf node.

    Delete

    Use to remove a branch or leaf node.

    Copy

    Use to copy a branch or leaf node.

    up, down arrows

    Use to change the priority of a leaf node up or down within the branch

    node.

    Screen trail

    Located above the Policy Editor menu bar, the screen trail displays

    (horizontally) the screens that you accessed in order to arrive at the

    current screen. You can click the name of a screen in the trail to move

    back to a previous location.

    Policy Editor menu bar

    Located below the screen trail, the Policy Editor menu bar contains a list

    from which you select Matching Rules (default) or Acceleration Rules.

    Figure 3.2 Matching rules displayed from the Policy Editor


    When you select Acceleration Rules, the acceleration rules menu bar displays, as illustrated in Figure 3.3.

    Figure 3.3 Policy Editor menu bar displaying acceleration rules options

    For more information about these acceleration rules, see the associated

    chapters in this guide.


    Using the Policy Tree

    Matching rules and acceleration rules for acceleration policies are organized

    on the Policy Tree, which you access from the Policy Editor screen.

    To view the Policy Tree for an acceleration policy

    1. In the navigation pane, expand WebAccelerator and click Policies.

    The Policies screen displays a list of existing acceleration policies.

    2. Click the name of the acceleration policy that you want to view.

    The Policy Editor screen opens, with the Policy Tree to the left of

    the screen.

    Figure 3.4 A Policy Tree example

    Policy Tree example

    For this example, the site receives only two types of requests: Requests for a

    CGI-based application and requests for GIF images.

    The Policy Tree for this acceleration policy consists of two leaf nodes.

    The Application leaf node has two associated matching rules that

    identify a match for a CGI-based application as follows:

    A rule based on the path that appears in the request's URL

    A rule based on the request and response not matching an image

    content type

    The Images leaf node has an associated matching rule that identifies a

    match in a request, if the file extension is .gif.


    The WebAccelerator system matches requests to the Application leaf node when the request's path is for a CGI-based application. Since the

    WebAccelerator system matches both requests and responses, if the

    response from the application on the origin web server is a GIF image, the

    WebAccelerator system matches the response to the Images leaf node and applies that leaf's associated acceleration rules.
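
    The two-pass matching in this example, as an added Python model that is not part of the F5 guide or product code: the leaf names come from the example above, while the /cgi-bin/ path, the acceleration values, and the rule that a response is classified by its Content-Type are assumptions of the model. It also lists transactions whose response lands on a different leaf than the request, which is where the applied cache settings deserve review.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlsplit
import posixpath

# Assumption of this model (not documented product behaviour): once a response
# is known, its Content-Type decides the object type; before that, only the
# file extension in the request URL is available.
IMAGE_MIME_TO_EXT = {"image/gif": ".gif", "image/png": ".png", "image/jpeg": ".jpg"}
IMAGE_EXTS = set(IMAGE_MIME_TO_EXT.values())


@dataclass
class Transaction:
    url: str
    content_type: Optional[str] = None  # None on the request pass

    @property
    def path(self) -> str:
        return urlsplit(self.url).path

    @property
    def extension(self) -> str:
        if self.content_type is not None:
            mime = self.content_type.split(";", 1)[0].strip().lower()
            return IMAGE_MIME_TO_EXT.get(mime, "")  # "" means not an image type
        return posixpath.splitext(self.path)[1].lower()


Rule = Callable[[Transaction], bool]


def path_prefix(prefix: str) -> Rule:
    return lambda t: t.path.startswith(prefix)


def extension_is(ext: str) -> Rule:
    return lambda t: t.extension == ext


def not_image() -> Rule:
    return lambda t: t.extension not in IMAGE_EXTS


@dataclass
class Leaf:
    name: str
    matching_rules: List[Rule]
    acceleration_rules: Dict[str, object]

    def matches(self, t: Transaction) -> bool:
        return all(rule(t) for rule in self.matching_rules)


def match_leaf(leaves: List[Leaf], t: Transaction) -> Optional[Leaf]:
    """Leaves are listed highest priority first; the first full match wins."""
    for leaf in leaves:
        if leaf.matches(t):
            return leaf
    return None


def classify(leaves, url, response_content_type):
    """Match once on the request and again on the response."""
    req = match_leaf(leaves, Transaction(url))
    resp = match_leaf(leaves, Transaction(url, response_content_type))
    applied = resp.acceleration_rules if resp else {}
    return (req.name if req else None, resp.name if resp else None, applied)


def reclassified(leaves, observed):
    """Transactions whose response matched a different leaf than the request."""
    out = []
    for url, ctype in observed:
        req, resp, _ = classify(leaves, url, ctype)
        if req != resp:
            out.append((url, req, resp))
    return out


# The two leaf nodes of the Policy Tree example. The path prefix and the
# acceleration values are constructed for illustration.
POLICY = [
    Leaf("Application", [path_prefix("/cgi-bin/"), not_image()], {"cache": False}),
    Leaf("Images", [extension_is(".gif")], {"cache": True, "lifetime_seconds": 86400}),
]

# Constructed sample traffic: (request URL, response Content-Type).
OBSERVED = [
    ("http://www.example.com/cgi-bin/report.cgi?id=7", "text/html; charset=utf-8"),
    ("http://www.example.com/cgi-bin/chart.cgi?id=7", "image/gif"),
    ("http://www.example.com/img/logo.gif", "image/gif"),
    ("http://www.example.com/img/logo.gif", "text/html"),
]

if __name__ == "__main__":
    for url, ctype in OBSERVED:
        print(url, ctype, classify(POLICY, url, ctype))
    print(reclassified(POLICY, OBSERVED))
```

    In this model the chart.cgi request matches Application, but its GIF response is handled under the Images leaf's cache settings.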


    Understanding acceleration policy rule inheritance

    The structure of the Policy Tree supports a parent-child relationship. This

    allows you to easily randomize rules. That is, because a leaf node in a Policy Tree inherits all the rules from its root node and branch node, you can

    quickly create multiple leaf nodes that contain the same rule parameters by

    creating a branch with multiple leaf nodes. If you override or create new

    rules at the branch node level, the WebAccelerator system reproduces those

    changes to the associated leaf nodes.

    Nodes are defined as follows.

    Root node

    The root node exists only for the purpose of inheritance; the

    WebAccelerator system does not perform matching against root nodes.

    The Policy Tree typically has only one root node, from which all other

    nodes are created. For the example illustrated in Figure 3.5, on page 3-7,

    the root node is Home. What distinguishes a root node from a branch node is that a root node has no parent node.

    Branch node

    The branch nodes exist only for the purpose of propagating rule

    parameters to leaf nodes; the WebAccelerator system does not perform

    matching against branch nodes. For the example illustrated in Figure 3.5,

    on page 3-7, the branch nodes are Applications, Images, Documents,

    Components, and Other. Branch nodes can have multiple leaf (child)

    nodes, as well as child branch nodes.

    Leaf node

    A leaf node inherits rule parameters from its parent branch node. The

    WebAccelerator system performs matching only against leaf nodes, and then applies the leaf node's corresponding acceleration rules to the

    request. Leaf nodes are displayed on the Policy Tree in order of priority.

    If a request matches two leaf nodes equally, the WebAccelerator system

    matches to the leaf node with the highest priority. For the example

    illustrated in Figure 3.5, on page 3-7, the leaf nodes that are displaying

    are Default and Search.

    Figure 3.5, on page 3-7, shows a sample Policy Tree for an acceleration

    policy. Since the majority of the rules are the same for each leaf node, all of

    the example acceleration policy's rule parameters are defined at the Home branch node. Therefore, all of the leaf nodes for the branch have the same

    matching and acceleration rules. From that point, it was easy to modify the

    rules only for the specific needs of the Default and Search leaf nodes.


    Figure 3.5 Rule inheritance on a Policy Tree

    Inheriting rule parameters

    When you create a user-defined acceleration policy by copying an existing

    acceleration policy, you must determine from which branch node the

    acceleration policy is inheriting specific rules, and decide whether you want

    to change the rules at the leaf node or change the rules at the branch node.

    To determine inheritance for a rule parameter, view the rule parameter's

    inheritance icon.

    For example, Figure 3.6 illustrates matching rules for the Path and Header rule parameters for a particular leaf node.

    Figure 3.6 Inheritance example for Path and Header parameters


    The arrow icon in the Inheritance column next to the Path parameter indicates this rule was inherited from the parent branch node. The

    inheritance icon next to the Header parameter does not have an arrow, indicating that the rule was not inherited; it was created locally at the leaf

    node.

    Since the Header parameter rule is not inherited, you can delete the rule at

    the leaf node level. However, you cannot delete the Path parameter because

    it was inherited from the branch node. To delete the Path parameter rule,

    you must delete it from its parent branch node.

    For inherited rule parameters, you can determine the ancestor branch node

    by hovering the cursor over the inheritance icon. For this example, when

    placing the cursor on the inheritance icon next to Path, the branch node

    Home displays as the ancestor node, as illustrated in Figure 3.7.

    Figure 3.7 Inheritance example for Path parameter

    Overriding inherited rule parameters

    When you override an inherited setting for a rule, an override icon displays

    (the inheritance icon with a red X) next to the rule setting. To see the node

    where the option was overridden, place your cursor over the override icon.

    For example, for the content assembly rule in Figure 3.8, all of the options

    are inherited from the branch node, except for the Enable MultiConnect

    option. For this node, the rule was disabled at the leaf node. When hovering

    the cursor over the override icon, a message displays next to the Content

    Assembly Options menu.

    Figure 3.8 Inheritance example with overridden rule option


    To see if the current leaf node inherited this overridden option, click the

    parent branch node and view its rules. In Figure 3.9, you see that there were

    no rule settings overridden at the parent branch, indicating the rule was

    inherited from the branch node, Home, and overridden at the leaf node.

    Figure 3.9 Parent of leaf node example

    When you follow this rule back to its grandparent, you see the rule options

    are not inherited from any other node; they are set at the grandparent node

    and they are all enabled, as indicated in Figure 3.10.

    Figure 3.10 Grandparent of leaf node example

    If you want to enable the content compression feature at the leaf node, you

    can use one of the following options:

    Override the inherited setting at the leaf node and select the Enable

    Content Compression check box.

    Cancel the override setting at the parent, so that the parent inherits the

    Enable Content Compression setting of the grandparent, and passes

    that setting to the leaf node.


    Keep in mind that if you cancel the override setting at the grandparent

    branch node, you change the settings for all of the child leaf nodes, not just

    the leaf node you want to change.

    Tip

    Although you have the option to override rules at the leaf node level, you

    should set up the Policy Tree in a logical way so that you only specify rules

    for branch nodes that you want all or most of its child leaf nodes to inherit.

    In other words, do not set a rule for a branch node if you know that most of its

    leaf nodes will not use that rule.


    Modifying a Policy Tree for an acceleration policy

    To customize a user-defined acceleration policy, you can modify the branch

    and leaf nodes' matching rules and acceleration rules. Or, you can add new

    branch and leaf nodes and associated matching and acceleration rules to the

    Policy Tree.

    Important

    You can edit only user-defined acceleration policies. You cannot edit

    predefined or signed acceleration policies.

    To add a new branch or leaf node to the Policy Tree

    1. On the Policy Tree function bar, click Add.

    2. In the Name box, type a name for the new branch or leaf node.

    3. In the Description box, type an optional description.

    4. Select the Create a new Policy Tree branch check box.

    5. Click the Create button.

    The screen refreshes and the Policy Tree displays with the new

    branch, where you can specify the matching rules and acceleration

    rules for the new branch as required.

    To rename a node on the Policy Tree

    1. On the Policy Tree, click the name of the node that you want to

    rename.

    2. On the Policy Tree function bar, click Rename.

    3. In the Name box, type a new name for the node as required.

    4. Click the Rename Node button.

    The screen refreshes and the Policy Tree displays the node with the

    new name.

    To delete a node from the Policy Tree

    1. On the Policy Tree, click the node that you want to delete.

    2. On the Policy Tree function bar, click Delete.

    The screen refreshes and the Policy Tree displays, without the node

    you removed.

    To copy a node on the Policy Tree

    1. On the Policy Tree, click the node that you want to copy.

    2. On the Policy Tree function bar, click Copy.

    3. In the Name box, type a name for the new node.


    4. In the Description box, type an optional description.

    5. Click the Copy button.

    The screen refreshes and the Policy Tree displays with the node you

    copied.

    To change the priority of a node on the Policy Tree

    For ambiguous queries, the WebAccelerator system chooses between the

    leaf nodes based on their priority on the Policy Tree. You can change the

    priority of a leaf node only within a branch of the tree. For example, in

    Figure 3.5, on page 3-7, you can give the Default leaf node priority over the

    Search leaf node, but not over the Images node.

    1. On the Policy Tree, click the node for which you want to change the

    priority.

    2. On the Policy Tree function bar, click the Up or Down button.

    The node changes positions on the Policy Tree, as directed.

    For more information about ambiguous queries, see Application matching

    based on node precedence, on page 5-2.


    4 Using HTTP Headers to Configure Acceleration Policy Rules

    Using HTTP header parameters to process requests

    Configuring rules based on HTTP request headers

    Configuring rules based on HTTP response headers

    Using regular expressions and meta tags for rules

    Managing Cache-Control response headers

    Using ESI Surrogate-Control headers

    Viewing X-PvInfo response headers


    Using HTTP header parameters to process requests

    Much of the WebAccelerator system's behavior is dependent on the

    configured rules associated with parameters in the HTTP request headers.

    Although important, the presence or value of HTTP response headers does

    not influence as many aspects of the WebAccelerator system's behavior,

    because the WebAccelerator system receives HTTP response headers after

    performing certain types of processing.

    When the WebAccelerator system receives a new request from a client, it

    first reviews the HTTP request parameters to match it to the relevant

    acceleration policy. After applying the associated matching rules, it sends

    the request to the origin web server for content.

    Before sending a response to a client, the WebAccelerator system inserts an

    X-PvInfo response header to track how it handled the request. You cannot

    change these informational headers, and they do not affect processing.

    However, they can provide useful information for evaluating your

    acceleration policies. For more information, see Viewing X-PvInfo response

    headers, on page 4-25.

    Requirements for servicing requests

    To maintain high performance, the WebAccelerator system does not service

    an HTTP request unless the request meets the following conditions.

    The request includes an HTTP request header that is no larger than 8192

    bytes, and in the first line, identifies its method, URI, and protocol.

    The method for the HTTP request header is a GET, POST, or HEAD.

    The protocol for the HTTP request header is a HTTP/0.9, HTTP/1.0, or

    HTTP/1.1.

    The HTTP post data on the request is no larger than 32768 bytes.

    If the request provides the Expect request header, the value is

    100-continue.

    If the request provides the Content-Type request header, the value is

    application/x-www-form-urlencoded.

    The request includes a Host request header identifying a targeted host

    that is mapped to an origin server at your site. For more information, see

    the Planning your host map section in Chapter 3 of the Configuration

    Guide for the BIG-IP WebAccelerator System.

    If the HTTP Host request header is missing or does not have a value, the

    WebAccelerator system responds to the requesting client with a 400-series

    error message. If the request violates any of the other conditions, the

    WebAccelerator system redirects the request to the origin web servers for

    content.
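    The servicing conditions above can be expressed as a request classifier. This is an added example, not code from the guide or from F5; the function name, the sample requests, the host map and the 'unmapped-host' outcome are assumptions made for illustration.

```python
MAX_HEADER_BYTES = 8192   # request header limit stated in the guide
MAX_POST_BYTES = 32768    # POST data limit stated in the guide
METHODS = {"GET", "POST", "HEAD"}
PROTOCOLS = {"HTTP/0.9", "HTTP/1.0", "HTTP/1.1"}
FORM_TYPE = "application/x-www-form-urlencoded"


def classify_request(raw, host_map):
    """Return (disposition, reason) for one raw HTTP request given as bytes.

    Dispositions: 'service', 'reject-4xx', 'send-to-origin', and
    'unmapped-host' (a label used only in this sketch).
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    # A missing or empty Host header is the one case answered with a
    # 400-series error.
    host = headers.get("host", "")
    if not host:
        return ("reject-4xx", "Host header missing or empty")
    # Assumption: the guide does not say how an unmapped host is answered,
    # so it is reported separately instead of guessing.
    if host.lower() not in host_map:
        return ("unmapped-host", "Host is not in the host map")

    # Any other violation means the request goes to the origin web servers.
    # Assumption: the size is measured without the terminating blank line.
    if len(head) > MAX_HEADER_BYTES:
        return ("send-to-origin", "request header exceeds 8192 bytes")
    parts = lines[0].split()
    if len(parts) != 3:
        return ("send-to-origin", "first line lacks method, URI or protocol")
    method, _uri, protocol = parts
    if method not in METHODS:
        return ("send-to-origin", "method is not GET, POST or HEAD")
    if protocol not in PROTOCOLS:
        return ("send-to-origin", "unsupported protocol version")
    if len(body) > MAX_POST_BYTES:
        return ("send-to-origin", "POST data exceeds 32768 bytes")
    if "expect" in headers and headers["expect"].lower() != "100-continue":
        return ("send-to-origin", "Expect is not 100-continue")
    if "content-type" in headers:
        # Assumption: parameters such as charset are ignored in the comparison.
        media_type = headers["content-type"].split(";")[0].strip().lower()
        if media_type != FORM_TYPE:
            return ("send-to-origin", "Content-Type is not form-urlencoded")
    return ("service", "meets all servicing conditions")


# Constructed sample requests; the host name is the one used in the guide.
HOST_MAP = {"www.siterequest.com"}
SAMPLES = {
    "plain GET": b"GET /apps/srch.jsp?value=computers HTTP/1.1\r\n"
                 b"Host: www.siterequest.com\r\n\r\n",
    "no Host": b"GET /apps/srch.jsp HTTP/1.1\r\nUser-Agent: test\r\n\r\n",
    "PUT": b"PUT /apps/item HTTP/1.1\r\nHost: www.siterequest.com\r\n\r\n",
    "JSON POST": b"POST /apps/api HTTP/1.1\r\nHost: www.siterequest.com\r\n"
                 b"Content-Type: application/json\r\n\r\n{}",
}


def classify_samples():
    """Disposition for each constructed sample, keyed by its label."""
    return {k: classify_request(v, HOST_MAP)[0] for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, disposition in classify_samples().items():
        print(f"{label:10} -> {disposition}")
```

    Requests classified as send-to-origin are the ones that reach the origin web servers without being serviced by the WebAccelerator system, which is worth knowing when sizing or monitoring the origin.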


    Processing requests

    When a WebAccelerator system receives an HTTP request that meets the

    conditions described in Requirements for servicing requests, on page 4-1,

    the WebAccelerator system processes the request as follows:

    1. Performs application matching against the request and retrieves the

    associated acceleration rules.

    2. If matched to a proxying rule, the WebAccelerator system sends the

    request to the origin web servers as required by the rule.

    Proxying rules are described in Chapter 8, Configuring Proxying

    Rules.

    3. If the request does not match to a proxying rule, the WebAccelerator

    system attempts to retrieve the appropriate compiled response from

    its cache.

    4. If there is no compiled response in its cache, the WebAccelerator

    system sends the request to the origin web servers for content.

    5. If it finds a compiled response in its cache, the WebAccelerator

    system looks for an associated content invalidations rule for the

    compiled response.

    For the conditions and mechanisms that trigger a content

    invalidations rule, see Chapter 10, Configuring Invalidations Rules.

    6. If a content invalidations rule is triggered for the compiled response,

    the WebAccelerator system compares the rule's effective time

    against the compiled response's last refreshed time. If the compiled

    response's last refreshed time is before the content invalidations

    rule's triggered time, the WebAccelerator system sends the request

    to the origin web servers for content.

    7. If a content invalidations rule is not triggered, or if the compiled

    response's last refreshed time is after the invalidations rule's

    effective time, the WebAccelerator system examines the compiled

    response's TTL value to see if the compiled response has expired. If

    it has expired, the WebAccelerator system sends the request to the

    origin web servers.

    8. If the compiled response has not expired, the WebAccelerator

    system services the request using the cached compiled response.
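    Steps 2 through 8 as a decision function, in an added example that is not code from the guide. The class and function names, the use of plain numbers for timestamps, and the expiry formula (last refreshed time plus TTL) are assumptions; the guide does not say how equal timestamps are treated, so a copy refreshed exactly at the invalidation time is kept here.

```python
from dataclasses import dataclass


@dataclass
class CompiledResponse:
    last_refreshed: float   # when the cached copy was last refreshed (seconds)
    ttl: float              # lifetime of the cached copy (seconds)


def decide(proxy_rule, cached, invalidation_time, now):
    """Return (action, step): where the content comes from and which step decided.

    proxy_rule        -- True when the request matched a proxying rule
    cached            -- CompiledResponse or None when nothing is cached
    invalidation_time -- effective time of a triggered invalidations rule,
                         or None when no such rule was triggered
    """
    if proxy_rule:                                   # step 2
        return ("origin", 2)
    if cached is None:                               # steps 3 and 4
        return ("origin", 4)
    # Steps 5 and 6: a copy refreshed before the invalidation is discarded
    # even if its TTL has not run out yet.
    if invalidation_time is not None and cached.last_refreshed < invalidation_time:
        return ("origin", 6)
    # Step 7: TTL check (expiry formula is an assumption of this sketch).
    if now >= cached.last_refreshed + cached.ttl:
        return ("origin", 7)
    return ("cache", 8)                              # step 8


def replay():
    """Constructed timeline: one copy refreshed at t=100 with a 300 s TTL."""
    copy = CompiledResponse(last_refreshed=100, ttl=300)
    return [
        decide(True, copy, None, 150),    # proxying rule wins over the cache
        decide(False, None, None, 150),   # nothing cached yet
        decide(False, copy, 120, 150),    # invalidated after the refresh
        decide(False, copy, 90, 150),     # invalidation predates the refresh
        decide(False, copy, None, 450),   # TTL ran out at t=400
        decide(False, copy, None, 150),   # fresh copy, served from cache
    ]


if __name__ == "__main__":
    for outcome in replay():
        print(outcome)
```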

    Requirements for caching responses

    When the WebAccelerator system receives a response from the origin web

    server, it inspects the HTTP response headers, applies the acceleration rules

    to the response, and sends the content to the client. To ensure the most

    effective performance, the WebAccelerator system does not cache a

    response from the origin server, or forward it to the originating requestor,

    unless it meets the following conditions.

    The request does not match to a do-not-cache proxying rule.

    See Chapter 8, Configuring Proxying Rules, for more information.


    The first line of the response identifies the protocol, a response code that

    is an integer value, and a response text.

    For example: HTTP/1.1 200 (OK)

    If the Transfer-Encoding response header is used on the response, the

    value is chunked.

    The response is complete, based on the method and type of data

    contained within the response, as follows:

    HTML tags

    By default, the WebAccelerator system considers a response in the

    form of an HTML page complete only if it contains both beginning

    and ending HTML tags.

    Content-Length response header

    If a response is anything other than an HTML page, or if you have

    overridden the default behavior described in the previous bullet point,

    the WebAccelerator system considers content complete only if the

    response body size matches the value specified on the

    Content-Length response header.

    Chunked transfer coding

    If you do not use a Content-Length response header for a response,

    you must use chunked transfer coding. If you use chunked transfer

    coding, the WebAccelerator system does not consider content

    complete until it receives the final zero-sized chunk. For information

    about chunked transfer coding, see section 3.6 in the HTTP/1.1

    specification

    http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6

    The body of a response does not exceed the value of the

    maxResponseDataSize parameter in the WebAccelerator system's

    configuration file. By default, this value is 64MB.

    If the WebAccelerator system receives a response from the origin server that

    does not conform to these conditions, it does not cache the response before

    sending it to the client.


    Configuring rules based on HTTP request headers

    In most cases, the default values for the predefined acceleration policies are

    sufficient, but you can fine-tune the WebAccelerator system's behavior by

    creating a user-defined acceleration policy and modifying the HTTP request

    data type parameters. When you specify or modify an HTTP data type

    parameter for an acceleration policy rule, you define specific HTTP data

    type parameter criteria that the WebAccelerator system uses to manage

    HTTP requests. When specifying parameter criteria, you designate the

    following information within a rule.

    Parameter identity

    This can include one or more of the following criteria:

    Parameter type

    Parameter name

    Parameter location within the HTTP request

    Parameter value or state

    This can include one or more of the following parameter state and value:

    Parameter is present in the HTTP request and matches the defined

    value provided in the form of a regular expression

    Parameter is present in the HTTP request and does not match the

    specified value provided in the form of a regular expression

    Parameter is present in the HTTP request, but has no value (is an

    empty string)

    Parameter is not present in the HTTP request

    WebAccelerator system action

    Where you specify the following criteria:

    Whether the WebAccelerator system performs an action on a match or

    a no match

    The action that the WebAccelerator system performs, which is

    dictated by the rules in the associated acceleration policy

    For example, if you specify a rule that the WebAccelerator system

    performs an action when a request does not match a configured

    parameter, the rule triggers if the parameter in the request is a different

    value than you specified, or if the value is empty (null). The

    WebAccelerator system does not perform the specified action if the

    parameter does not appear in the request.
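    The four parameter states and the match / no-match trigger described above, shown for a named query parameter. This is an added example, not code from the guide; the function names are hypothetical, and matching the regular expression against the whole value is an assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit


def parameter_state(url, name, pattern):
    """Classify a named query parameter as 'absent', 'empty', 'match' or 'no-match'."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    values = [v for k, v in pairs if k == name]
    if not values:
        return "absent"
    value = values[0]   # first occurrence; the guide does not cover repeats
    if value == "":
        return "empty"
    # Assumption: the regular expression has to match the whole value.
    return "match" if re.fullmatch(pattern, value) else "no-match"


def rule_triggers(state, act_on):
    """Decide whether a rule fires, given whether it acts on a match or a no match."""
    if act_on == "match":
        return state == "match"
    if act_on == "no-match":
        # A different value and an empty value both count as "does not match";
        # a parameter that is absent from the request does not trigger the rule.
        return state in ("no-match", "empty")
    raise ValueError("act_on must be 'match' or 'no-match'")


# Constructed requests built on the guide's sample host and path.
BASE = "http://www.siterequest.com/apps/srch.jsp"
REQUESTS = [
    BASE + "?action=buy&src=magic",    # present, matches
    BASE + "?action=view&src=magic",   # present, different value
    BASE + "?action=&src=magic",       # present, empty value
    BASE + "?src=magic",               # parameter absent
]


def evaluate(act_on, name="action", pattern="buy"):
    """(state, fires) for every constructed request."""
    results = []
    for url in REQUESTS:
        state = parameter_state(url, name, pattern)
        results.append((state, rule_triggers(state, act_on)))
    return results


if __name__ == "__main__":
    for act_on in ("match", "no-match"):
        print(act_on, evaluate(act_on))
```

    A no-match rule therefore does not cover requests that omit the parameter altogether; those need a separate rule on the "not present" state.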


    Specifying HTTP data type parameters for a rule

    You cannot configure rules based on all HTTP data type parameters; you

    can only specify the parameters that the WebAccelerator system uses when

    processing HTTP requests. Table 4.1 outlines the HTTP data type

    parameters for which you can configure specific rules.

    Note

    Lifetime rules and responses cached rules, described in Chapter 9,

    Configuring Lifetime Rules, and Chapter 11, Configuring Responses

    Cached Rules, do not use HTTP data type parameters.

    The HTTP data type parameters that the WebAccelerator system uses when

    processing HTTP requests are defined as follows.

    Note

    To specify that the parameter name is case-sensitive, enable the Values are

    case sensitive setting when configuring the parameter options.

    Parameters | Matching Rules | Variation Rules | Assembly Rules | Proxying Rules | Invalidations Rules

    Host x x x x

    Path x x

    Extension x x

    Query parameter x x x x x

    Unnamed query parameter x x x x x

    Path segment x x x x x

    Cookie x x x x

    User Agent x x x x

    Referrer x x x x

    Protocol x x x x

    Method x x x x

    Header x x x x

    Client IP x x x x

    Content Type x

    Table 4.1 HTTP request data type parameters


    Host

    A rule that uses the host parameter is based on the value provided for the

    HTTP Host request header field. This header field describes the DNS name

    that the HTTP request is using. For example, for the following URL the host

    equates to HOST: www.siterequest.com.

    http://www.siterequest.com/apps/srch.jsp?value=computers

    Path

    A rule that uses the path parameter is based on the path portion of the URI.

    The path is defined as everything in the URL after the host and up to the end

    of the URL, or up to the question mark, (whichever comes first). For

    example:

    Extension

    A rule that uses the extension parameter is based on the value that follows

    the far-right period, in the far-right segment key of the URL path.

    Note

    Segment keys, the text following the semicolon and preceding the question

    mark in the third URL, are described in Path segment, on page 4-7.

    For example, in the following URLs, gif, jpg, and jsp are all extensions:

    http://www.siterequest.com/images/up.gif

    https://reader012.{domain}/reader012/html5/0820/5b79e4bce860f/5b79e4ddab546.jp

    http://www.siterequest.com/apps/psrch.jsp;sID=AAyB23?src=magic

    Query parameter

    A rule that uses the query parameter is based on a particular query

    parameter that you identify by name, and for which you provide a value to

    match against. The value is usually literal and must appear on the query

    parameter in the request, or a regular expression that matches the request's

    query parameter value. The query parameter can be in a request that uses

    GET or POST methods.

    URL                                                        Path

    http://www.siterequest.com/apps/srch.jsp?value=computers   /apps/srch.jsp

    http://www.siterequest.com/apps/magic.jsp                  /apps/magic.jsp

    Table 4.2 Path example


    You can also create a rule that matches the identified query parameter when

    it is provided with an empty value, or when it is absent from the request. For

    example, in the following URL the action query parameter provides an

    empty value:

    http://www.siterequest.com/apps/srch.jsp?action=&src=magic

    Unnamed query parameter

    An unnamed query parameter is a query parameter that has no equal sign.

    That is, only the query parameter value is provided in the URL of the

    request. For example, the following URL includes two unnamed query

    parameters that have the value of dog and cat:

    http://www.siterequest.com/apps/srch.jsp?dog&cat&src=magic

    A rule that uses the unnamed query parameter specifies the ordinal of the

    parameter, instead of a parameter name. The ordinal is the position of the

    unnamed query parameter in the query parameter portion of the URL. You

    count ordinals from left to right, starting with 1. In the previous URL, dog is

    ordinal 1, and cat is ordinal 2.

    You can create a rule that matches the identified (unnamed) query parameter

    when it is provided with an empty value, or when it is absent from the

    request. For example, in the following URL, ordinal 1 provides an empty

    value.

    http://www.siterequest.com/apps/srch.jsp?&cat&src=magic

    In the following URL, ordinal 3 is absent (dog is in ordinal 1 and src is in

    ordinal 2).

    http://www.siterequest.com/apps/srch.jsp?dog&src=magic.

    Path segment

    A rule that uses the path segment parameter identifies one of the following

    values:

    Segment key

    Segment parameter

    Segment keys

    A segment is the portion of a URI path that is delimited by a forward slash

    (/). For example, in the path: /apps/search/full/complex.jsp, apps, search,

    full, and complex.jsp all represent path segments. Further, each of these

    values is also the segment key, or the name of the segment.

    Segment parameters

    A segment parameter is the value in a URL path that appears after the

    segment key. Segment parameters are delimited by semicolons. For

    example, magic, shop, and act are all segment parameters for their

    respective path segments in the following path:

    /apps/search/full;magic/complex.jsp;shop;act


    To specify segment parameters, you must also identify:

    Segment ordinals

    Segment parameter ordinals

    Segment ordinals

    To specify a segment for a rule, you must provide an ordinal that identifies

    the location of the segment in the path:

    /apps/search/full;magic/complex.jsp;shop;act

    You must also indicate in the rule which way you are counting ordinals in

    the path: from the left or the right (you always count starting at 1). For the

    example shown, /full;magic, the ordinals for this path are as shown in Table

    4.3.

    Segment parameter ordinals

    When you specify a segment's ordinal for a rule, you must also identify the

    ordinal of the element within the segment. You count segment parameter

    ordinals left-to-right in the path, and the segment key is always ordinal 0.

    For the segment, /complex.jsp;shop;act, the ordinals and elements are

    defined as outlined in Table 4.4.
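    The path, extension, unnamed query parameter and path segment definitions above, worked through in code on the guide's sample URLs. This is an added example, not code from the guide or the product; all function names are hypothetical, and reporting an ordinal held by a named parameter as absent is an assumption.

```python
from urllib.parse import urlsplit


def segments(path):
    """Split a URL path into segments; each is [key, param 1, param 2, ...]."""
    # Empty segments (leading slash, doubled slashes) are skipped in this sketch.
    return [seg.split(";") for seg in path.split("/") if seg]


def segment_element(path, seg_ordinal, elem_ordinal, from_right=False):
    """Element of a path segment, or None when the ordinal does not exist.

    Segment ordinals start at 1 and count from the left or from the right.
    Element ordinal 0 is the segment key; 1, 2, ... are segment parameters.
    """
    segs = segments(path)
    if not 1 <= seg_ordinal <= len(segs):
        return None
    seg = segs[-seg_ordinal] if from_right else segs[seg_ordinal - 1]
    return seg[elem_ordinal] if 0 <= elem_ordinal < len(seg) else None


def extension(path):
    """Text after the far-right period in the far-right segment key."""
    segs = segments(path)
    if not segs:
        return None
    _, dot, ext = segs[-1][0].rpartition(".")
    return ext if dot else None


def query_positions(url):
    """Query string as a list of (name, value); name is None when unnamed."""
    query = urlsplit(url).query
    if not query:
        return []
    items = []
    for item in query.split("&"):
        name, eq, value = item.partition("=")
        items.append((name, value) if eq else (None, item))
    return items


def unnamed_param(url, ordinal):
    """Unnamed query parameter at a 1-based ordinal.

    Returns "" for an empty value and None when the ordinal is absent.
    """
    items = query_positions(url)
    if not 1 <= ordinal <= len(items):
        return None
    name, value = items[ordinal - 1]
    # Assumption: a position held by a named parameter is reported as absent.
    return value if name is None else None


def decompose(url):
    """Break a URL into the request data types described above."""
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "path": parts.path,
        "extension": extension(parts.path),
        "segments": segments(parts.path),
        "query": query_positions(url),
    }


if __name__ == "__main__":
    # The URLs and the path below are the guide's own examples.
    print(decompose("http://www.siterequest.com/apps/psrch.jsp;sID=AAyB23?src=magic"))
    print(unnamed_param("http://www.siterequest.com/apps/srch.jsp?&cat&src=magic", 1))
    print(segment_element("/apps/search/full;magic/complex.jsp;shop;act", 2, 1, from_right=True))
```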

    Cookie

    A rule that uses the cookie parameter is based on a particular cookie that

    you identify by name, and for which you provide a value to match against.

    Usually the value is literal a