wa policy management guide 10 2
Post on 04-Jun-2018
8/13/2019 Wa Policy Management Guide 10 2
1/186
Policy Management Guide for the BIG-IP WebAccelerator System
version 1
MAN-02
Product Version
This manual applies to product version 10.2 of the BIG-IP WebAccelerator.
Publication Date
This manual was published on December 21, 2010.
Legal Notices
Copyright
Copyright 2008-2010, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Access Policy Manager, APM, Acopia, Acopia Networks,
Advanced Client Authentication, Advanced Routing, AskF5, Application Security Manager, ASM, ARX,
Data Manager, DevCentral, Edge Client, Edge Gateway, Enterprise Manager, EM, Fast Application Proxy,
Fast Cache, FirePass, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, IBR,
Intelligent Compression, IPv6 Gateway, iQuery, iRules, iRules OnDemand, L7 Rate Shaping, Link
Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect,
Packet Velocity, Protocol Security Module, PSM, Real Traffic Policy Builder, Secure Access Manager,
SAM, SSL Acceleration, StrongBox, SYN Check, TCP Express, Traffic Management Operating System,
TMOS, TrafficShield, Transparent Data Reduction, TDR, VIPRION, WANJet, WAN Optimization
Module, WOM, WebAccelerator, WA, and ZoneRunner, are trademarks or service marks of F5 Networks,
Inc., in the U.S. and other countries, and may not be used without F5's express written consent.
All other product and company names herein may be trademarks of their respective owners.
Patents
This product protected by U.S. Patent[s] 6,505,230; 6,640,240; 6,772,203; 6,970,933; 7,113,962; and
7,114,180. Other patents pending.
Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.
This product includes the standard version of Perl software licensed under the Perl Artistic License
(© 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current
standard version of Perl at http://www.perl.com.
This product includes software developed by the University of California, Berkeley and its contributors.
This product includes software developed by the Computer Systems Engineering Group at the Lawrence
Berkeley Laboratory.
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes software developed by Christopher G. Demetriou for the NetBSD Project.
This product includes software developed by Adam Glass.
This product includes software developed by Christian E. Hopps.
This product includes software developed by Dean Huxley.
This product includes software developed by John Kohl.
This product includes software developed by Paul Kranenburg.
This product includes software developed by Terrence R. Lambert.
This product includes software developed by Philip A. Nelson.
This product includes software developed by Herb Peyerl.
This product includes software developed by Jochen Pohl for the NetBSD Project.
This product includes software developed by Chris Provenzano.
This product includes software developed by Theo de Raadt.
This product includes software developed by David Muir Sharnoff.
This product includes software developed by SigmaSoft, Th. Lockert.
This product includes software developed for the NetBSD Project by Jason R. Thorpe.
This product includes software developed by Jason R. Thorpe for And Communications,
http://www.and.com.
This product includes software developed for the NetBSD Project by Frank Van der Linden.
This product includes software developed for the NetBSD Project by John M. Vinopal.
This product includes software developed by Christos Zoulas.
This product includes software developed by Charles Hannum.
This product includes software developed by Charles Hannum, by the University of Vermont and State
Agricultural College and Garrett A. Wollman, by William F. Jolitz, and by the University of California,
Berkeley, Lawrence Berkeley Laboratory, and its contributors.
This product includes software developed by the University of Vermont and State Agricultural College and
Garrett A. Wollman.
In the following statement, "This software" refers to the Mitsumi CD-ROM driver: This software was
developed by Holger Veit and Brian Moore for use with "386BSD" and similar operating systems.
"Similar operating systems" includes mainly non-profit oriented systems for research and education,
including but not restricted to "NetBSD," "FreeBSD," "Mach" (by CMU).
In the following statement, "This software" refers to the parallel port driver: This software is a component
of "386BSD" developed by William F. Jolitz, TeleMuse.
This product includes software developed by the Apache Group for use in the Apache HTTP server project
(http://www.apache.org/).
This product includes software developed by Darren Reed. (© 1993-1998 by Darren Reed).
This product includes software licensed from Richard H. Porter under the GNU Library General Public
License (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.
This product includes software developed by Eric Young.
Portions of the material included in Appendix C came from the Internet Software Consortium,
http://www.isc.org/.
Rsync was written by Andrew Tridgell and Paul Mackerras, and is available under the Gnu Public License.
This product includes Malloc library software developed by Mark Moraes. (© 1988, 1989, 1993,
University of Toronto).
This product includes open SSL software developed by Eric Young (eay@cryptsoft.com), (© 1995-1998).
This product includes open SSH software developed by Tatu Ylonen, Espoo, Finland (© 1995).
This product includes open SSH software developed by Niels Provos (© 1999).
This product includes SSH software developed by Mindbright Technology AB, Stockholm, Sweden,
www.mindbright.se, info@mindbright.se (© 1998-1999).
This product includes free SSL software developed by Object Oriented Concepts, Inc., St. John's, NF,
Canada, (© 2000).
This product includes software developed by Object Oriented Concepts, Inc., Billerica, MA, USA (© 2000).
This product includes software developed by The Legion of the Bouncy Castle. Copyright (c) 2000 - 2009
The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
Table of Contents
1 Getting Started with the WebAccelerator System
About the WebAccelerator system
About this guide
Reviewing the documentation set
Finding help and technical support resources

2 Using Acceleration Policies
Overview of acceleration policies
Types of acceleration policies
Managing your acceleration policies
Customizing acceleration policies
Creating a user-defined acceleration policy
Creating a signed acceleration policy
Publishing acceleration policies
Saving an acceleration policy to an XML file

3 Using the Policy Editor
Overview of the Policy Editor screen
Using the Policy Tree
Policy Tree example
Understanding acceleration policy rule inheritance
Inheriting rule parameters
Overriding inherited rule parameters
Modifying a Policy Tree for an acceleration policy

4 Using HTTP Headers to Configure Acceleration Policy Rules
Using HTTP header parameters to process requests
Requirements for servicing requests
Requirements for caching responses
Configuring rules based on HTTP request headers
Specifying HTTP data type parameters for a rule
Configuring rules based on HTTP response headers
Classifying responses
Applying associated acceleration policy rules
Assembling responses
Using regular expressions and meta tags for rules
Supported regular expression strings
Supported meta characters
Managing Cache-Control response headers
Honoring HTTP request and response header no-cache directives
Using max-age value for compiled responses
Using ESI Surrogate-Control headers
Supported Surrogate-Control directives
Overriding HTTP Cache-Control headers
Using surrogate targeting
Viewing X-PvInfo response headers
S code
C code
A code
R code
G code
U code

5 Configuring Matching Rules
Overview of application matching
Application matching based on node precedence
Additional application matching considerations
Processing unmatched requests
Configuring an example matching rule

6 Configuring Variation Rules
Overview of variation rules
Using variation rules to increase cache efficiency
Using variation rules to serve user-specific content
Defining variation rule parameters
Using value groups
Managing conflicting rule parameters
Configuring an example variation rule

7 Configuring Assembly Rules
Overview of assembly rules
Using the Intelligent Browser Referencing feature
Enabling the Intelligent Browser Referencing feature
Intelligent Browser Referencing example
Using the MultiConnect feature
Enabling the MultiConnect feature
Using content compression
Enabling content compression
Managing content served from origin web servers
Enabling content assembly on proxies feature
Using parameter value substitution
Configuring value substitution parameters for an assembly rule
Specifying advanced assembly options
Configuring an example assembly rule

8 Configuring Proxying Rules
Overview of proxying rules
Configuring example proxy rule parameters
Enabling the Always proxy requests for this node setting
Configuring an example proxy override rule
Configuring an example proxying rule

9 Configuring Lifetime Rules
Overview of lifetime rules
Understanding lifetime mechanism precedence
Defining Header Lifetime Option settings
Obey ESI max-age headers if present
Use HTTP lifetime headers if present
Configuring the WebAccelerator Cache Settings
Maximum Age
Stand-in Period
HTTP Lifetime Heuristic
Configuring the Client Cache Settings
Do not change
Maximum Age
Insert no-cache header
Configuring an example lifetime rule

10 Configuring Invalidations Rules
Overview of invalidations rules
Triggering invalidation
Setting the lifetime for invalidations rules
Defining invalidations rule parameters
Request Header Matching Criteria
Cached Content to Invalidate
Configuring an example invalidations rule

11 Configuring Responses Cached Rules
Overview of responses cached rules
Caching HTML content
Caching content based on response status codes
Configuring an example responses cached rule

12 Specifying Log Formats for Hit Logs
Using hit logs
Selecting a standard log format for hit logs
Standard log format examples
Creating a custom log format for hit logs
Configuring an example customized hit log format

Glossary
Index
1 Getting Started with the WebAccelerator System
About the WebAccelerator system
Reviewing the documentation set
Finding help and technical support resources
Reviewing the documentation set
The WebAccelerator system documentation set consists of the following
items:
Configuration Guide for the BIG-IP WebAccelerator System
Describes the core product concepts and provides the procedures for
configuring and monitoring the WebAccelerator system.
Policy Management Guide for the BIG-IP WebAccelerator System
Provides information about creating and editing policies to tailor the
WebAccelerator system for optimal performance.
Release notes
Provide information about new features, fixes, known issues, and
workarounds.
Online help
Provides context-sensitive description of each control and setting on each
screen.
Additionally, you must review specific chapters in the following guides:
BIG-IP Systems: Getting Started Guide
For information about performing the required configuration for the
BIG-IP Local Traffic Manager, as well as information about installing,
enabling, and configuring resource provisioning for the WebAccelerator
system license.
Configuration Guide for BIG-IP Local Traffic Manager
For information about how to define a virtual server and pool.
TMOS Management Guide for BIG-IP Systems
For an overview of the complete BIG-IP product offering.
Finding help and technical support resources
You can find technical documentation and product information using the
following resources:
Welcome screen in the Configuration utility
The Welcome screen in the Configuration utility contains links to many
useful web sites and resources, including:
The F5 Networks Technical Support web site
The F5 Solution Center
The F5 DevCentral℠ web site
Plug-ins, SNMP MIBs, and SSH clients
Online help
The WebAccelerator system provides context-sensitive online help for
each screen. The online help contains descriptions of each control and
setting on the screen. To access the online help, click the Help tab on the
left navigation pane of the Configuration utility.
F5 Networks Technical Support web site
The F5 Networks Technical Support web site provides the latest
documentation set for the product, including:
Release notes, current and past
Software and hardware guides, current and past (in PDF and HTML
format)
Technical notes
The Ask F5℠ Knowledge Base
To access the F5 Networks Technical Support web site, you need to
register at https://support.f5.com.
2 Using Acceleration Policies
Overview of acceleration policies
Managing your acceleration policies
Customizing acceleration policies
Publishing acceleration policies
Saving an acceleration policy to an XML file
Overview of acceleration policies
An acceleration policy is a collection of defined rule parameters that dictate
how the BIG-IP WebAccelerator system handles HTTP requests and
responses. The WebAccelerator system uses two types of rules to manage
content: matching rules and acceleration rules. Matching rules are used to
classify requests by object type and match the request to a specific
acceleration policy. Once matched to an acceleration policy, the
WebAccelerator system applies the associated acceleration rules to manage
the requests and responses.
Depending on the application specific to your site, information in requests
can sometimes imply one type of response (such as a file extension of .jsp),
when the actual response is a bit different (like a simple document). For this
reason, the WebAccelerator system applies matching rules twice: once to
the request, and a second time to the response. This means that a request and
a response can match to different acceleration rules, but it ensures that the
response is matched to the acceleration policy that is best suited to it.
Tip
See Chapter 4, Using HTTP Headers to Configure Acceleration Policy
Rules, for details about how the WebAccelerator system performs matching
on specific parameters in acceleration policy rules.
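A simplified model of the two matching passes described above, added here as an illustration and not taken from F5's product or documentation. The node names, the choice of file extension and Content-Type as matching parameters, and the first-match and fallback behaviour are assumptions.

```python
"""Toy model of matching applied once to the request and once to the response.

Constructed for illustration: node names, rule fields, first-match
precedence and the fallback are assumptions, not WebAccelerator's
policy format or matching algorithm.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit
import posixpath


@dataclass(frozen=True)
class Node:
    name: str
    extensions: frozenset       # request-side matching parameter
    content_types: frozenset    # response-side matching parameter
    acceleration_rules: str     # summary of the rules attached to the node


# Hypothetical policy: three nodes, evaluated in list order.
POLICY = (
    Node("dynamic-pages", frozenset({"jsp"}), frozenset({"text/html"}),
         "send to origin"),
    Node("documents", frozenset({"pdf", "doc"}),
         frozenset({"application/pdf", "application/msword"}),
         "cache as document"),
    Node("images", frozenset({"gif", "png", "jpg"}),
         frozenset({"image/gif", "image/png", "image/jpeg"}),
         "cache as image"),
)


def extension_of(url: str) -> str:
    """Lower-cased file extension of the URL path, without the dot."""
    return posixpath.splitext(urlsplit(url).path)[1].lstrip(".").lower()


def media_type(headers: dict) -> str:
    """Content-Type without parameters; header names are case-insensitive."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def match_request(url: str) -> Optional[Node]:
    """First pass: classify by what the request implies (its extension)."""
    ext = extension_of(url)
    return next((n for n in POLICY if ext in n.extensions), None)


def match_response(headers: dict, request_node: Optional[Node]) -> Optional[Node]:
    """Second pass: classify by what the origin actually returned.

    Assumption: if the response carries no usable Content-Type, the
    request-side match is kept.
    """
    ctype = media_type(headers)
    by_type = next((n for n in POLICY if ctype in n.content_types), None)
    return by_type if by_type is not None else request_node


def classify(url: str, response_headers: dict) -> dict:
    """Run both passes and report which node governs each side."""
    req = match_request(url)
    resp = match_response(response_headers, req)
    return {
        "request_node": req.name if req else None,
        "response_node": resp.name if resp else None,
        "response_rules": resp.acceleration_rules if resp else None,
        "rematched": req is not resp,
    }


if __name__ == "__main__":
    # Constructed sample: a .jsp URL whose response is really a PDF.
    print(classify("https://www.example.com/reports/q3.jsp?id=7",
                   {"Content-Type": "application/pdf"}))
```

In the constructed sample, the request is classified as a dynamic page from its `.jsp` extension, while the response is rematched to the documents node, so the rules applied to the response are the ones suited to what the origin actually sent.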
Types of acceleration policies
There are three types of acceleration policies that you can use to speed up
the access to your web applications.
Pre-defined Acceleration Policies
The WebAccelerator system ships with several predefined acceleration
policies that are optimized for specific web applications, as well as two
non-application specific policies for general delivery, and one for an
optional symmetric deployment.
The general-delivery acceleration policies work well for sites that use
Java 2 Platform Enterprise Edition (J2EE) applications, and are defined
as follows:
Level 1 Delivery
Prompts the WebAccelerator system to send all requests for HTML
pages to the origin web server for content, ignore any no-cache
directives included in HTTP Cache-Control request headers, and use
the cache response directives that it receives from the origin web
server. This policy is compliant with HTML version 2.0.
Level 2 Delivery
Prompts the WebAccelerator system to cache HTML pages and set a
lifetime setting for content to 0, use the Intelligent Browser
Referencing feature only for documents and includes, ignore any
no-cache directives included in HTTP Cache-Control request header,
and use the cache response directives that it receives from the origin
web server. This policy is compliant with HTML version 3.0, and
later. In most cases, you should use this predefined policy for those
applications for which there is no application-specific predefined
policy available.
User-defined Acceleration Policies
A policy that you create by either copying an existing policy and
modifying or adding rules, or by creating a new acceleration policy and
specifying all new rules.
Signed Acceleration Policies
A policy created, certified, and encrypted by its author, such as a
consultant or vendor. You can also create your own signed acceleration
policy by configuring a user-defined acceleration policy, and signing it.
After an acceleration policy is signed, you cannot view or modify the
configured rules, as you can for predefined and user-defined acceleration
policies.
Managing your acceleration policies
The Policies screen displays all of the acceleration policies that are available
for assignment to your applications.
To access the Policies screen
In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
Figure 2.1 Example Policies screen
From the Policies screen, you can access other screens, from which you can
perform additional tasks.
To view rules for an acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the name of the acceleration policy you want to view.
Note that you cannot view rules for a signed acceleration policy. For
more information, seeCreating a signed acceleration policy, on
page 2-8.
3. Click a node on the Policy Tree.
The matching rules display for the selected node.
4. From the Matching Rules list, choose Acceleration Rules.
5. Click the name of an acceleration rule to view the configured rule
parameters for the selected node.
To rename a user-defined or signed acceleration policy
1. In the navigation pane, expandWebAcceleratorand clickPolicies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to modify,
click theRenamelink.
3. In theNamebox, type a new name for the acceleration policy.
4. In theDescriptionbox, type an optional description.
5. Click theRenamebutton to save the changes.
To delete a user-defined or signed acceleration policy
WARNING
Do not delete an acceleration policy unless you are sure that you do notever want to refer to it again. You cannot recover a deleted acceleration
policy. You can retain an acceleration policy to use later, even if you do not
have an application that is currently using it.
1. In the navigation pane, expandWebAcceleratorand clickPolicies.The Policies screen displays a list of existing acceleration policies.
2. Select the check box next to an acceleration policy, and then click
theDeletebutton.Note that you cannot delete a predefined acceleration policy.
3. Confirm the deletion, keeping in mind that you cannot recover a
deleted acceleration policy.
To specify a logging format for an acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to modify,
click the Logging link.
Note that you cannot change the logging options for a predefined
acceleration policy.
3. To create individual logs for the HTTP and HTTPS protocols, select
the Log HTTP and HTTPS requests separately check box.
4. For each protocol you want to log, select the button next to the
following options as required:
Log all transactions
Only log transactions served from cache
Do not log
5. If you select Log all transactions, or Only log transactions served
from cache, then select a format for the logs from the Log Format
list for each protocol.
6. Click the Save button.
For detailed information about logging options, see Chapter 12, Specifying
Log Formats for Hit Logs.
Customizing acceleration policies
If you have a unique application for which you cannot use a predefined
acceleration policy, you can create a new, user-defined acceleration policy
or a signed acceleration policy.
Before you can create a new acceleration policy, you need to analyze the
type of traffic that your site's applications receive, and decide how you want
the WebAccelerator system to manage those HTTP requests and responses.
To help you do that, consider questions similar to those that follow.
Which responses do I want the WebAccelerator system to cache?
Are there responses for static documents that can remain in the
WebAccelerator system's cache for several days before being refreshed?
Which responses are dynamic documents that the WebAccelerator
system should refresh hourly?
Are there responses that the WebAccelerator system should never cache?
After you decide how you want the WebAccelerator system to handle
certain requests for your site, you can identify the HTTP data parameters
that the WebAccelerator system uses to match requests and responses to the
appropriate acceleration policies.
For example, the path found on requests for static documents may be
different than the path for dynamic documents. Or the paths may be similar,
but the static documents are in PDF format and the dynamic documents are
Word documents or Excel spreadsheets. These differences help you specify
matching rules that prompt the WebAccelerator system to match the HTTP
request to the acceleration policy that will handle the request and the
response most expeditiously.
Creating a user-defined acceleration policy
You can create a user-defined acceleration policy most efficiently by
copying an existing acceleration policy and modifying its rules to meet your
unique requirements. Alternatively, you can create a new user-defined
acceleration policy and define each matching rule and acceleration rule
individually.
When you copy or create an acceleration policy, the WebAccelerator system
maintains that acceleration policy as a development copy until you publish
it, at which time the WebAccelerator system creates a production copy.
Only a production (published) copy of an acceleration policy is available for
you to assign to an application. You can make as many changes as you like
to the development copy of an acceleration policy without affecting current
traffic to your applications.
To copy an existing acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to copy,
click the Copy link.
3. In the Name box, type a descriptive name for the acceleration policy
so you can easily identify it later.
4. In the Description box, type an optional description.
5. Click Copy.
To view and modify an acceleration policy's rules
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the name of the acceleration policy you want to view.
3. Click the branch node for the type of content you want to modify or
a leaf node for a specific page type.
The matching rules display for the selected node, and you can make
changes as required.
4. From the Matching Rules list, choose Acceleration Rules.
5. Click the name of an acceleration rule to view the configured rule
parameters for the selected node, and make changes as required.
See Modifying a Policy Tree for an acceleration policy, on page
3-11.
6. After you make the last change, click the Publish button from any
screen within the Policy Editor.
Alternatively, you can publish an acceleration policy from the
Policies screen as described in Publishing acceleration policies, on
page 2-10.
The acceleration policy is now available for assignment to an application.
To create a new user-defined acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the Create button.
3. In the Name box, type a descriptive name for the acceleration policy
so you can easily identify it later.
4. In the Description box, type an optional description.
5. Click the Create button.
6. Click the name of the acceleration policy that you created.
7. Create the Policy Tree by defining branch nodes for the groups of
content, and leaf nodes for specific content.
8. Click a node and specify the matching and acceleration rules.
For more information, see Modifying a Policy Tree for an
acceleration policy, on page 3-11.
9. After you make the last change, click the Publish button from any
screen within the Policy Editor.
Alternatively, you can publish an acceleration policy from the
Policies screen as described in Publishing acceleration policies, on
page 2-10.
The acceleration policy is now available for assignment to an application.
Creating a signed acceleration policy
A signed acceleration policy is encrypted and certified by its author and
customized to work specifically for an application. You cannot view or
modify the specific rules for a signed acceleration policy; the policy is
locked.
You can import a signed acceleration policy from several sources, such as
the publisher of a specific application or a consultant, or you can sign a
user-defined policy that you have created and customized.
To sign an acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to sign,
click the Sign link.
3. From the SSL Certificate(s) to encrypt to list, select one or more
SSL certificates that you want to use for the signed acceleration
policy.
Alternatively, you can create a new SSL certificate and key, or
import one by clicking the Create or Import link. For specific
information about creating or importing SSL certificates and keys,
refer to the online help, or see the Managing keys and certificates
section in the Managing SSL Traffic chapter of the Configuration
Guide for BIG-IP Local Traffic Manager.
4. From the Signing SSL Certificate private key list, select the
private key that you want to use.
5. Click the Export button.
6. Click the Save button.
7. Navigate to the location where you want to save the file.
8. Click the Save button.
Once you sign and save the acceleration policy to an XML file, you can load
it onto any system running the same version of the WebAccelerator system
software. Then, you can publish it and make it available for assignment to
your applications. See Publishing acceleration policies, on page 2-10.
To import a signed acceleration policy
Important
Before importing a signed acceleration policy, you must first import the SSL
certificate of the system on which the policy was signed. For a symmetric
deployment, the signed acceleration policy must be signed against each
WebAccelerator system in the deployment. For specific information about
importing SSL certificates and keys, refer to the online help, or see the
Managing keys and certificates section in the Managing SSL Traffic
chapter of the Configuration Guide for BIG-IP Local Traffic Manager.
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the Import button.
3. Click the Browse button to browse to the location of the XML file
you want to import.
4. Specify whether you want to replace the existing acceleration
policy:
If you do not want to replace the existing acceleration policy,
clear the Overwrite existing policy of the same name check
box. You can rename the acceleration policy after you import it.
If you want to replace an existing acceleration policy with the
imported acceleration policy with the same name, select the
Overwrite existing policy of the same name check box.
Tip
If you have more than one application that requires the same signed
acceleration policy, but with different logging options, you can copy the
signed acceleration policy and modify the logging options as required. See
To copy an existing acceleration policy, on page 2-7. For more information
about logging options, see Chapter 12, Specifying Log Formats for Hit
Logs.
Publishing acceleration policies
When you modify rules for a user-defined acceleration policy that is
currently assigned to an application, the WebAccelerator system creates a
development copy and continues to use the currently published (production)
copy to manage requests. The WebAccelerator system uses the modified
acceleration policy to manage traffic only after you publish it.
If you create a new acceleration policy, you must publish it before you can
assign it to an application.
To publish an acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to publish,
click the Publish link.
3. In the Comment box, type any optional text that you want displayed
with the publishing details, such as a brief summary of the changes
you made.
4. Click Publish Now.
Saving an acceleration policy to an XML file
You can use the export feature to save an acceleration policy to an XML
file. We recommend that you use the export feature every time you change a
user-defined acceleration policy, so that you always have a copy of the most
recent acceleration policy. You can use this file for backup and archival
purposes, or to provide to the F5 Networks Technical Support team for
troubleshooting issues.
To save an acceleration policy to an XML file
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. In the Tools column for the acceleration policy you want to export,
click the Export link.
3. From the Export list, select one of the following:
Published Policy
Select this option to export an acceleration policy that an
application is currently using. If the acceleration policy has not
been published, this option does not display.
Development Policy
Select this option to export an unpublished acceleration policy.
4. Click the Export button.
5. Click the Save button.
6. Navigate to the location where you want to save the file.
7. Click the Save button.
To import a saved acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click Import.
3. Click the Browse button to browse to the location of the XML file
you want to import.
4. Specify whether you want to replace the existing acceleration
policy:
If you do not want to replace the existing acceleration policy,
clear the Overwrite existing policy of the same name check
box. You can rename the acceleration policy after you import it.
If you want to replace an existing acceleration policy with the
imported acceleration policy of the same name, select the
Overwrite existing policy of the same name check box.
After you import an acceleration policy, you can publish it to make it
available for assignment to your applications.
3 Using the Policy Editor
Overview of the Policy Editor screen
Using the Policy Tree
Understanding acceleration policy rule inheritance
Modifying a Policy Tree for an acceleration policy
Overview of the Policy Editor screen
From the Policy Editor screen, you can view the matching rules and
acceleration rules for user-defined and predefined acceleration policies, as
well as create or modify user-defined acceleration policies.
To access the Policy Editor screen
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the name of a user-defined or predefined acceleration policy.
The Policy Editor screen opens, where you can view the matching
rules and acceleration rules for the selected acceleration policy.
Note
You cannot view or modify the rules for a signed acceleration policy. For
more information, see Creating a signed acceleration policy, on page 2-8.
Figure 3.1 Policy Editor screen for an example acceleration policy
There are three main parts to the Policy Editor screen:
Policy Tree
Located on the left side of the Policy Editor screen, the Policy Tree
contains branch nodes and leaf nodes. A branch node represents a group
of content types (such as application generated or static) and each leaf
node represents specific content (such as images, includes, PDF
documents, or Word documents).
The Policy Tree function bar includes the following options:
Add
Use to create a new content type group (branch node) or a new
content type (leaf node).
Rename
Use to change the name of a branch or leaf node.
Delete
Use to remove a branch or leaf node.
Copy
Use to copy a branch or leaf node.
up, down arrows
Use to change the priority of a leaf node up or down within the branch
node.
Screen trail
Located above the Policy Editor menu bar, the screen trail displays
(horizontally) the screens that you accessed in order to arrive at the
current screen. You can click the name of a screen in the trail to move
back to a previous location.
Policy Editor menu bar
Located below the screen trail, the Policy Editor menu bar contains a list
from which you select Matching Rules (default) or Acceleration Rules.
Figure 3.2 Matching rules displayed from the Policy Editor
When you select Acceleration Rules, the acceleration rules menu bar
displays, as illustrated in Figure 3.3.
Figure 3.3 Policy Editor menu bar displaying acceleration rules options
For more information about these acceleration rules, see the associated
chapters in this guide.
Using the Policy Tree
Matching rules and acceleration rules for acceleration policies are organized
on the Policy Tree, which you access from the Policy Editor screen.
To view the Policy Tree for an acceleration policy
1. In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2. Click the name of the acceleration policy that you want to view.
The Policy Editor screen opens, with the Policy Tree to the left of
the screen.
Figure 3.4 A Policy Tree example
Policy Tree example
For this example, the site receives only two types of requests: Requests for a
CGI-based application and requests for GIF images.
The Policy Tree for this acceleration policy consists of two leaf nodes.
The Application leaf node has two associated matching rules that
identify a match for a CGI-based application as follows:
A rule based on the path that appears in the request's URL
A rule based on the request and response not matching an image
content type
The Images leaf node has an associated matching rule that identifies a
match in a request, if the file extension is .gif.
The WebAccelerator system matches requests to the Application leaf node
when the request's path is for a CGI-based application. Since the
WebAccelerator system matches both requests and responses, if the
response from the application on the origin web server is a GIF image, the
WebAccelerator system matches the response to the Images leaf node and
applies that leaf's associated acceleration rules.
Understanding acceleration policy rule inheritance
The structure of the Policy Tree supports a parent-child relationship. This
allows you to easily randomize rules. That is, because a leaf node in a Policy
Tree inherits all the rules from its root node and branch node, you can
quickly create multiple leaf nodes that contain the same rule parameters by
creating a branch with multiple leaf nodes. If you override or create new
rules at the branch node level, the WebAccelerator system reproduces those
changes to the associated leaf nodes.
Nodes are defined as follows.
Root node
The root node exists only for the purpose of inheritance; the
WebAccelerator system does not perform matching against root nodes.
The Policy Tree typically has only one root node, from which all other
nodes are created. For the example illustrated in Figure 3.5, on page 3-7,
the root node is Home. What distinguishes a root node from a branch
node is that a root node has no parent node.
Branch node
The branch nodes exist only for the purpose of propagating rule
parameters to leaf nodes; the WebAccelerator system does not perform
matching against branch nodes. For the example illustrated in Figure 3.5,
on page 3-7, the branch nodes are Applications, Images, Documents,
Components, and Other. Branch nodes can have multiple leaf (child)
nodes, as well as child branch nodes.
Leaf node
A leaf node inherits rule parameters from its parent branch node. The
WebAccelerator system performs matching only against leaf nodes, and
then applies the leaf node's corresponding acceleration rules to the
request. Leaf nodes are displayed on the Policy Tree in order of priority.
If a request matches two leaf nodes equally, the WebAccelerator system
matches to the leaf node with the highest priority. For the example
illustrated in Figure 3.5, on page 3-7, the leaf nodes that are displaying
are Default and Search.
Figure 3.5, on page 3-7, shows a sample Policy Tree for an acceleration
policy. Since the majority of the rules are the same for each leaf node, all of
the example acceleration policy's rule parameters are defined at the Home
branch node. Therefore, all of the leaf nodes for the branch have the same
matching and acceleration rules. From that point, it was easy to modify the
rules only for the specific needs of the Default and Search leaf nodes.
Figure 3.5 Rule inheritance on a Policy Tree
Inheriting rule parameters
When you create a user-defined acceleration policy by copying an existing
acceleration policy, you must determine from which branch node the
acceleration policy is inheriting specific rules, and decide whether you want
to change the rules at the leaf node or change the rules at the branch node.
To determine inheritance for a rule parameter, view the rule parameter's
inheritance icon.
For example, Figure 3.6 illustrates matching rules for the Path and Header
rule parameters for a particular leaf node.
Figure 3.6 Inheritance example for Path and Header parameters
The arrow icon in the Inheritance column next to the Path parameter
indicates this rule was inherited from the parent branch node. The
inheritance icon next to the Header parameter does not have an arrow,
indicating that the rule was not inherited; it was created locally at the leaf
node.
Since the Header parameter rule is not inherited, you can delete the rule at
the leaf node level. However, you cannot delete the Path parameter because
it was inherited from the branch node. To delete the Path parameter rule,
you must delete it from its parent branch node.
For inherited rule parameters, you can determine the ancestor branch node
by hovering the cursor over the inheritance icon. For this example, when
placing the cursor on the inheritance icon next to Path, the branch node
Home displays as the ancestor node, as illustrated in Figure 3.7.
Figure 3.7 Inheritance example for Path parameter
Overriding inherited rule parameters
When you override an inherited setting for a rule, an override icon displays
(the inheritance icon with a red X) next to the rule setting. To see the node
where the option was overridden, place your cursor over the override icon.
For example, for the content assembly rule in Figure 3.8, all of the options
are inherited from the branch node, except for the Enable MultiConnect
option. For this node, the rule was disabled at the leaf node. When hovering
the cursor over the override icon, a message displays next to the Content
Assembly Options menu.
Figure 3.8 Inheritance example with overridden rule option
To see if the current leaf node inherited this overridden option, click the
parent branch node and view its rules. In Figure 3.9, you see that there were
no rule settings overridden at the parent branch, indicating the rule was
inherited from the branch node, Home, and overridden at the leaf node.
Figure 3.9 Parent of leaf node example
When you follow this rule back to its grandparent, you see the rule options
are not inherited from any other node; they are set at the grandparent node
and they are all enabled, as indicated in Figure 3.10.
Figure 3.10 Grandparent of leaf node example
If you want to enable the content compression feature at the leaf node, you
can use one of the following options:
Override the inherited setting at the leaf node and select the Enable
Content Compression check box.
Cancel the override setting at the parent, so that the parent inherits the
Enable Content Compression setting of the grandparent, and passes
that setting to the leaf node.
Keep in mind that if you cancel the override setting at the grandparent
branch node, you change the settings for all of the child leaf nodes, not just
the leaf node you want to change.
Tip
Although you have the option to override rules at the leaf node level, you
should set up the Policy Tree in a logical way so that you only specify rules
for branch nodes that you want all or most of its child leaf nodes to inherit.
In other words, do not set a rule for a branch node if you know that most of its
leaf nodes will not use that rule.
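The inheritance, override and priority behavior described in this section can be modeled in a few lines. The following is an added illustration, not F5 code or the product's data model: the node and option names (Home, Applications, Default, Search, Path, Header, Enable MultiConnect, Enable Content Compression) come from this guide, while the rule values, the Node class and the helper functions are hypothetical. It assumes that every leaf whose matching rules all match counts as matching equally, so the leaf highest in the tree wins.

```python
import re

class Node:
    """One Policy Tree node; children are kept in priority order (first = highest)."""
    def __init__(self, name, parent=None, matching=None, accel=None):
        self.name, self.parent, self.children = name, parent, []
        # Rules set locally at this node, split into matching and acceleration rules.
        self.local = {"matching": dict(matching or {}), "accel": dict(accel or {})}
        if parent is not None:
            parent.children.append(self)

    def effective(self, kind):
        """Return {parameter: (value, defining node, status)} for 'matching' or 'accel'.

        status is 'inherited' (comes from an ancestor), 'local' (created at this
        node) or 'overridden' (an inherited parameter replaced at this node).
        """
        inherited = self.parent.effective(kind) if self.parent else {}
        merged = {p: (v, src, "inherited") for p, (v, src, _) in inherited.items()}
        for param, value in self.local[kind].items():
            status = "overridden" if param in inherited else "local"
            merged[param] = (value, self.name, status)
        return merged

def leaves(node):
    """Yield leaf nodes in Policy Tree order, which is also priority order."""
    if not node.children:
        yield node
    for child in node.children:
        yield from leaves(child)

def match_leaf(root, request):
    """Match against leaf nodes only; root and branch nodes are never matched."""
    for leaf in leaves(root):
        rules = leaf.effective("matching")
        # Assumption: a parameter missing from the request is compared as "".
        if all(re.fullmatch(rx, request.get(p, "")) for p, (rx, _, _) in rules.items()):
            return leaf
    return None

def move_up(node):
    """Raise a node's priority by one position, within its own branch only."""
    siblings = node.parent.children
    i = siblings.index(node)
    if i > 0:
        siblings[i - 1], siblings[i] = siblings[i], siblings[i - 1]

def build_sample():
    """Constructed sample tree; the rule values are made up for the illustration."""
    home = Node("Home", matching={"Path": "/apps/.*"},
                accel={"Enable MultiConnect": True, "Enable Content Compression": True})
    apps = Node("Applications", parent=home)
    default = Node("Default", parent=apps, accel={"Enable MultiConnect": False})
    search = Node("Search", parent=apps, matching={"Header": "text/html"})
    return home, apps, default, search

if __name__ == "__main__":
    home, apps, default, search = build_sample()
    for leaf in (default, search):
        for kind in ("matching", "accel"):
            for param, (value, source, status) in leaf.effective(kind).items():
                print(f"{leaf.name:8} {param:28} {value!r:12} {status} (set at {source})")
    request = {"Path": "/apps/find", "Header": "text/html"}
    print("matched leaf:", match_leaf(home, request).name)
    move_up(search)
    print("after raising Search:", match_leaf(home, request).name)
```

Setting a rule on the Applications branch in this model changes the effective rules of both leaves at once, which is the reason the tip above recommends setting a rule on a branch only when most of its leaves should inherit it.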
Modifying a Policy Tree for an acceleration policy
To customize a user-defined acceleration policy, you can modify the branch
and leaf nodes' matching rules and acceleration rules. Or, you can add new
branch and leaf nodes and associated matching and acceleration rules to the
Policy Tree.
Important
You can edit only user-defined acceleration policies. You cannot edit
predefined or signed acceleration policies.
To add a new branch or leaf node to the Policy Tree
1. On the Policy Tree function bar, click Add.
2. In the Name box, type a name for the new branch or leaf node.
3. In the Description box, type an optional description.
4. Select the Create a new Policy Tree branch check box.
5. Click the Create button.
The screen refreshes and the Policy Tree displays with the new
branch, where you can specify the matching rules and acceleration
rules for the new branch as required.
To rename a node on the Policy Tree
1. On the Policy Tree, click the name of the node that you want to
rename.
2. On the Policy Tree function bar, click Rename.
3. In the Name box, type a new name for the node as required.
4. Click the Rename Node button.
The screen refreshes and the Policy Tree displays the node with the
new name.
To delete a node from the Policy Tree
1. On the Policy Tree, click the node that you want to delete.
2. On the Policy Tree function bar, click Delete.
The screen refreshes and the Policy Tree displays, without the node
you removed.
To copy a node on the Policy Tree
1. On the Policy Tree, click the node that you want to copy.
2. On the Policy Tree function bar, click Copy.
3. In the Name box, type a name for the new node.
4. In the Description box, type an optional description.
5. Click the Copy button.
The screen refreshes and the Policy Tree displays with the node you
copied.
To change the priority of a node on the Policy Tree
For ambiguous queries, the WebAccelerator system chooses between the
leaf nodes based on their priority on the Policy Tree. You can change the
priority of a leaf node only within a branch of the tree. For example, in
Figure 3.5, on page 3-7, you can give the Default leaf node priority over the
Search leaf node, but not over the Images node.
1. On the Policy Tree, click the node for which you want to change the
priority.
2. On the Policy Tree function bar, click the Up or Down button.
The node changes positions on the Policy Tree, as directed.
For more information about ambiguous queries, see Application matching
based on node precedence, on page 5-2.
4 Using HTTP Headers to Configure Acceleration Policy Rules
Using HTTP header parameters to process requests
Configuring rules based on HTTP request headers
Configuring rules based on HTTP response headers
Using regular expressions and meta tags for rules
Managing Cache-Control response headers
Using ESI Surrogate-Control headers
Viewing X-PvInfo response headers
Processing requests
When a WebAccelerator system receives an HTTP request that meets the
conditions described in Requirements for servicing requests, on page 4-1,
the WebAccelerator system processes the request as follows:
1. Performs application matching against the request and retrieves the
associated acceleration rules.
2. If matched to a proxying rule, the WebAccelerator system sends the
request to the origin web servers as required by the rule.
Proxying rules are described in Chapter 8, Configuring Proxying
Rules.
3. If the request does not match to a proxying rule, the WebAccelerator
system attempts to retrieve the appropriate compiled response from
its cache.
4. If there is no compiled response in its cache, the WebAccelerator
system sends the request to the origin web servers for content.
5. If it finds a compiled response in its cache, the WebAccelerator
system looks for an associated content invalidations rule for the
compiled response.
For the conditions and mechanisms that trigger a content
invalidations rule, see Chapter 10, Configuring Invalidations Rules.
6. If a content invalidations rule is triggered for the compiled response,
the WebAccelerator system compares the rule's effective time
against the compiled response's last refreshed time. If the compiled
response's last refreshed time is before the content invalidations
rule's triggered time, the WebAccelerator system sends the request
to the origin web servers for content.
7. If a content invalidations rule is not triggered, or if the compiled
response's last refreshed time is after the invalidations rule's
effective time, the WebAccelerator system examines the compiled
response's TTL value to see if the compiled response has expired. If
it has expired, the WebAccelerator system sends the request to the
origin web servers.
8. If the compiled response has not expired, the WebAccelerator
system services the request using the cached compiled response.
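The ordering of steps 2 through 8 matters: an invalidation is checked before the TTL, and a refresh moves the last refreshed time past the invalidation. The following simulation is an added illustration, not WebAccelerator code. The Accelerator class, its method names and the sample paths are hypothetical, and it assumes that every response fetched from the origin is cached (except for proxied requests) and that a last refreshed time equal to the invalidation's effective time is not treated as "before" it.

```python
from dataclasses import dataclass

@dataclass
class Compiled:
    """A cached compiled response with the two values steps 6 and 7 consult."""
    body: str
    last_refreshed: float
    ttl: float

class Accelerator:
    def __init__(self, origin, ttl, proxy_paths=()):
        self.origin = origin                 # callable: path -> body
        self.ttl = ttl                       # lifetime given to each cached response
        self.proxy_paths = set(proxy_paths)  # paths matched by a proxying rule
        self.cache = {}                      # path -> Compiled
        self.invalidations = {}              # path -> effective time of a triggered rule

    def invalidate(self, path, effective_time):
        """Record a triggered content invalidations rule for one path."""
        self.invalidations[path] = effective_time

    def serve(self, path, now):
        """Return (source, body), following steps 2 to 8 in order."""
        if path in self.proxy_paths:                        # step 2
            return "origin:proxy", self.origin(path)
        entry = self.cache.get(path)                        # step 3
        if entry is None:                                   # step 4
            return self.refresh(path, now, "origin:miss")
        effective = self.invalidations.get(path)            # step 5
        if effective is not None and entry.last_refreshed < effective:
            return self.refresh(path, now, "origin:invalidated")  # step 6
        if now >= entry.last_refreshed + entry.ttl:         # step 7
            return self.refresh(path, now, "origin:expired")
        return "cache", entry.body                          # step 8

    def refresh(self, path, now, reason):
        """Fetch from the origin and store the result as a fresh compiled response."""
        body = self.origin(path)
        self.cache[path] = Compiled(body, last_refreshed=now, ttl=self.ttl)
        return reason, body

def make_counting_origin():
    """Constructed stand-in for the origin web server: returns v1, v2, ... per fetch."""
    calls = []
    def origin(path):
        calls.append(path)
        return "v%d" % len(calls)
    return origin

if __name__ == "__main__":
    acc = Accelerator(make_counting_origin(), ttl=60, proxy_paths={"/login"})
    print(acc.serve("/a", 0))     # first request: nothing cached
    print(acc.serve("/a", 10))    # served from cache
    acc.invalidate("/a", 20)      # rule effective at t=20
    print(acc.serve("/a", 25))    # cached copy predates the rule: refetched
    print(acc.serve("/a", 30))    # refreshed copy is newer than the rule: cache
    print(acc.serve("/a", 90))    # TTL of the t=25 copy ran out at t=85
```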
Requirements for caching responses
When the WebAccelerator system receives a response from the origin web
server, it inspects the HTTP response headers, applies the acceleration rules
to the response, and sends the content to the client. To ensure the most
effective performance, the WebAccelerator system does not cache a
response from the origin server, or forward it to the originating requestor,
unless it meets the following conditions.
The request does not match to a do-not-cache proxying rule.
See Chapter 8, Configuring Proxying Rules, for more information.
The first line of the response identifies the protocol, a response code that
is an integer value, and a response text.
For example:
HTTP/1.1 200 (OK)
If the Transfer-Encoding response header is used on the response, the
value is chunked.
The response is complete, based on the method and type of data
contained within the response, as follows:
HTML tags
By default, the WebAccelerator system considers a response in the
form of an HTML page complete only if it contains both beginning
and ending HTML tags.
Content-Length response header
If a response is anything other than an HTML page, or if you have
overridden the default behavior described in the previous bullet point,
the WebAccelerator system considers content complete only if the
response body size matches the value specified on the Content-Length
response header.
Chunked transfer coding
If you do not use a Content-Length response header for a response,
you must use chunked transfer coding. If you use chunked transfer
coding, the WebAccelerator system does not consider content
complete until it receives the final zero-sized chunk. For information
about chunked transfer coding, see section 3.6 in the HTTP/1.1
specification:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6
The body of a response does not exceed the value of the
maxResponseDataSize parameter in the WebAccelerator system's
configuration file. By default, this value is 64MB.
If the WebAccelerator system receives a response from the origin server that
does not conform to these conditions, it does not cache the response before
sending it to the client.
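The conditions above can be expressed as a check that refuses to cache a truncated or malformed origin response. The following Python sketch is an added example, not WebAccelerator code. It assumes that an "HTML page" is a response with a text/html Content-Type, and the function names and sample responses are constructed for illustration.

```python
import re
MAX_RESPONSE_DATA_SIZE = 64 * 1024 * 1024    # default the page gives (64MB)
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3} \S.*")   # protocol, code, text

def dechunk(body):
    """Decode chunked transfer coding; return (data, saw_final_zero_chunk)."""
    data, pos = b"", 0
    while True:
        eol = body.find(b"\r\n", pos)
        size_field = body[pos:eol].split(b";")[0].strip() if eol >= 0 else b""
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            return data, False                 # truncated or malformed size line
        size = int(size_field, 16)
        if size == 0:
            return data, True                  # final zero-sized chunk received
        chunk = body[eol + 2:eol + 2 + size]
        if len(chunk) < size:
            return data + chunk, False         # chunk cut short
        data += chunk
        pos = eol + 2 + size + 2               # skip chunk data and its CRLF

def cache_decision(raw):
    """Return (cacheable, reason) for one raw origin response given as bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep or not STATUS_LINE.fullmatch(lines[0]):
        return False, "malformed status line"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    te = headers.get(b"transfer-encoding")
    if te is not None:
        if te.lower() != b"chunked":
            return False, "Transfer-Encoding is not chunked"
        body, final = dechunk(body)
        if not final:
            return False, "no final zero-sized chunk"
    if len(body) > MAX_RESPONSE_DATA_SIZE:
        return False, "body exceeds maxResponseDataSize"
    if headers.get(b"content-type", b"").lower().startswith(b"text/html"):
        low = body.lower()                     # assumption: HTML page == text/html
        ok = b"<html" in low and b"</html>" in low
        return ok, "HTML tags present" if ok else "HTML tags incomplete"
    if te is not None:
        return True, "chunked body complete"
    clen = headers.get(b"content-length", b"")
    if not clen.isdigit() or int(clen) != len(body):
        return False, "Content-Length does not match body size"
    return True, "Content-Length matches body size"

HDR = b"HTTP/1.1 200 (OK)\r\n"                 # constructed samples, not captures
SAMPLES = {
    "gif_ok": HDR + b"Content-Type: image/gif\r\nContent-Length: 6\r\n\r\nGIF89a",
    "gif_short": HDR + b"Content-Type: image/gif\r\nContent-Length: 9\r\n\r\nGIF89a",
    "html_cut": HDR + b"Content-Type: text/html\r\n\r\n<html><body>partial",
    "chunk_cut": HDR + b"Transfer-Encoding: chunked\r\n\r\n4\r\nWiki\r\n",
}
print({label: cache_decision(raw) for label, raw in SAMPLES.items()})
```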
Configuring rules based on HTTP request headers
In most cases, the default values for the predefined acceleration policies are sufficient, but you can fine-tune the WebAccelerator system's behavior by creating a user-defined acceleration policy and modifying the HTTP request data type parameters. When you specify or modify an HTTP data type parameter for an acceleration policy rule, you define specific HTTP data type parameter criteria that the WebAccelerator system uses to manage HTTP requests. When specifying parameter criteria, you designate the following information within a rule.
• Parameter identity
  This can include one or more of the following criteria:
    • Parameter type
    • Parameter name
    • Parameter location within the HTTP request
• Parameter value or state
  This can include one or more of the following parameter states and values:
    • Parameter is present in the HTTP request and matches the defined value provided in the form of a regular expression
    • Parameter is present in the HTTP request and does not match the specified value provided in the form of a regular expression
    • Parameter is present in the HTTP request, but has no value (is an empty string)
    • Parameter is not present in the HTTP request
• WebAccelerator system action
  Where you specify the following criteria:
    • Whether the WebAccelerator system performs an action on a match or a no match
    • The action that the WebAccelerator system performs, which is dictated by the rules in the associated acceleration policy
  For example, if you specify a rule that the WebAccelerator system performs an action when a request does not match a configured parameter, the rule triggers if the parameter in the request is a different value than you specified, or if the value is empty (null). The WebAccelerator system does not perform the specified action if the parameter does not appear in the request.
Specifying HTTP data type parameters for a rule
You cannot configure rules based on all HTTP data type parameters; you can only specify the parameters that the WebAccelerator system uses when processing HTTP requests. Table 4.1 outlines the HTTP data type parameters for which you can configure specific rules.
Note
Lifetime rules and responses cached rules, described in Chapter 9, Configuring Lifetime Rules, and Chapter 11, Configuring Responses Cached Rules, do not use HTTP data type parameters.
The HTTP data type parameters that the WebAccelerator system uses when processing HTTP requests are defined as follows.
Note
To specify that the parameter name is case-sensitive, enable the Values are case sensitive setting when configuring the parameter options.
Parameters | Matching Rules | Variation Rules | Assembly Rules | Proxying Rules | Invalidations Rules
Host x x x x
Path x x
Extension x x
Query parameter x x x x x
Unnamed query parameter x x x x x
Path segment x x x x x
Cookie x x x x
User Agent x x x x
Referrer x x x x
Protocol x x x x
Method x x x x
Header x x x x
Client IP x x x x
Content Type x
Table 4.1 HTTP request data type parameters
Host
A rule that uses the host parameter is based on the value provided for the HTTP Host request header field. This header field describes the DNS name that the HTTP request is using. For example, for the following URL the host equates to HOST: www.siterequest.com.
http://www.siterequest.com/apps/srch.jsp?value=computers
Path
A rule that uses the path parameter is based on the path portion of the URI. The path is defined as everything in the URL after the host and up to the end of the URL, or up to the question mark (whichever comes first). For example:
URL | Path
http://www.siterequest.com/apps/srch.jsp?value=computers | /apps/srch.jsp
http://www.siterequest.com/apps/magic.jsp | /apps/magic.jsp
Table 4.2 Path example
Extension
A rule that uses the extension parameter is based on the value that follows the far-right period, in the far-right segment key of the URL path.
Note
Segment keys, the text following the semicolon and preceding the question mark in the third URL, are described in Path segment, on page 4-7.
For example, in the following URLs, gif, jpg, and jsp are all extensions:
http://www.siterequest.com/images/up.gif
https://reader010.{domain}/reader010/html5/0622/5b2ca03665363/5b2ca05948b5c.j
http://www.siterequest.com/apps/psrch.jsp;sID=AAyB23?src=magic
Query parameter
A rule that uses the query parameter is based on a particular query parameter that you identify by name, and for which you provide a value to match against. The value is usually literal and must appear on the query parameter in the request, or a regular expression that matches the request's query parameter value. The query parameter can be in a request that uses GET or POST methods.
You can also create a rule that matches the identified query parameter when it is provided with an empty value, or when it is absent from the request. For example, in the following URL the action query parameter provides an empty value:
http://www.siterequest.com/apps/srch.jsp?action=&src=magic
Unnamed query parameter
An unnamed query parameter is a query parameter that has no equal sign. That is, only the query parameter value is provided in the URL of the request. For example, the following URL includes two unnamed query parameters that have the value of dog and cat:
http://www.siterequest.com/apps/srch.jsp?dog&cat&src=magic
A rule that uses the unnamed query parameter specifies the ordinal of the parameter, instead of a parameter name. The ordinal is the position of the unnamed query parameter in the query parameter portion of the URL. You count ordinals from left to right, starting with 1. In the previous URL, dog is ordinal 1, and cat is ordinal 2.
You can create a rule that matches the identified (unnamed) query parameter when it is provided with an empty value, or when it is absent from the request. For example, in the following URL, ordinal 1 provides an empty value.
http://www.siterequest.com/apps/srch.jsp?&cat&src=magic
In the following URL, ordinal 3 is absent (dog is in ordinal 1 and src is in ordinal 2).
http://www.siterequest.com/apps/srch.jsp?dog&src=magic.
Path segment
A rule that uses the path segment parameter identifies one of the following values:
• Segment key
• Segment parameter
Segment keys
A segment is the portion of a URI path that is delimited by a forward slash (/). For example, in the path /apps/search/full/complex.jsp, apps, search, full, and complex.jsp all represent path segments. Further, each of these values is also the segment key, or the name of the segment.
Segment parameters
A segment parameter is the value in a URL path that appears after the segment key. Segment parameters are delimited by semicolons. For example, magic, shop, and act are all segment parameters for their respective path segments in the following path:
/apps/search/full;magic/complex.jsp;shop;act
To specify segment parameters, you must also identify:
• Segment ordinals
• Segment parameter ordinals
Segment ordinals
To specify a segment for a rule, you must provide an ordinal that identifies the location of the segment in the path:
/apps/search/full;magic/complex.jsp;shop;act
You must also indicate in the rule which way you are counting ordinals in the path: from the left or the right (you always count starting at 1). For the example shown, /full;magic, the ordinals for this path are as shown in Table 4.3.
Segment parameter ordinals
When you specify a segment's ordinal for a rule, you must also identify the ordinal of the element within the segment. You count segment parameter ordinals left-to-right in the path, and the segment key is always ordinal 0. For the segment /complex.jsp;shop;act, the ordinals and elements are defined as outlined in Table 4.4.
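The URL-derived data types described above (host, path, extension, query parameters, unnamed query parameters, and path segments with their ordinals) can be extracted as follows. This Python sketch is an added example, not WebAccelerator code; the function names are hypothetical, and it assumes that query ordinals count every item in the query string by position, which is how the page's own examples number them.

```python
from urllib.parse import urlsplit

def request_data(url):
    """Split a URL into the request data types the page defines."""
    parts = urlsplit(url)
    # One list per path segment: element 0 is the segment key, elements 1..n
    # are its segment parameters, so list indexes equal Table 4.4 ordinals.
    segments = [seg.split(";") for seg in parts.path.split("/")[1:]]
    last_key = segments[-1][0] if segments else ""
    extension = last_key.rsplit(".", 1)[1] if "." in last_key else None
    query = []
    if parts.query:
        for ordinal, item in enumerate(parts.query.split("&"), start=1):
            name, eq, value = item.partition("=")
            # No equal sign means an unnamed parameter: the text is the value.
            query.append((ordinal, name if eq else None, value if eq else name))
    return {"protocol": parts.scheme, "host": parts.hostname, "path": parts.path,
            "extension": extension, "segments": segments, "query": query}

def segment_element(data, segment_ordinal, element_ordinal, from_right=False):
    """Return one segment element by its two ordinals, or None if absent."""
    segs = data["segments"]
    if not 1 <= segment_ordinal <= len(segs):
        return None
    seg = segs[-segment_ordinal] if from_right else segs[segment_ordinal - 1]
    return seg[element_ordinal] if 0 <= element_ordinal < len(seg) else None

def unnamed_query(data, ordinal):
    """Return (state, value) for the unnamed query parameter at an ordinal."""
    for position, name, value in data["query"]:
        if position == ordinal and name is None:
            return ("empty", "") if value == "" else ("present", value)
    return ("absent", None)

# The URL and the path below are the page's own examples.
SEARCH = request_data("http://www.siterequest.com/apps/srch.jsp?dog&cat&src=magic")
SEGMENTS = request_data("/apps/search/full;magic/complex.jsp;shop;act")

if __name__ == "__main__":
    print(SEARCH["host"], SEARCH["path"], SEARCH["extension"], SEARCH["query"])
    print(segment_element(SEGMENTS, 3, 1), segment_element(SEGMENTS, 2, 1, True))
    print(unnamed_query(SEARCH, 2), unnamed_query(SEARCH, 3))
```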
Cookie
A rule that uses the cookie parameter is based on a particular cookie that you identify by name, and for which you provide a value to match against. Usually the value is literal and must appear on the cookie in the request, or a regular expression that must match the request's cookie that appears on the cookie HTTP request headers. These are the same names you use to set the cookies, using the HTTP SET-COOKIE response headers.
Ordinal | Numbering Selection
3 | Numbering Left-to-Right in the Full Path
2 | Numbering Right-to-Left in the Full Path
Table 4.3 Segment ordinals example
Ordinal | Segment | Segment Element Type
0 | complex.jsp | segment key
1 | shop | segment parameter
2 | act | segment parameter
Table 4.4 Segment parameter example
You can also create a rule that matches when the identified cookie is provided with an empty string or when it is absent from the request. For example, in the following string, the REPEAT cookie is empty:
COOKIE: REPEAT=
In the following string, the USER cookie is present and the REPEAT cookie is absent:
COOKIE: USER=334A5E4.
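The four parameter states listed earlier (matches, does not match, empty, absent) and the cookie cases above interact in a way that is easy to misread: a "does not match" rule fires on an empty value but not on an absent parameter. The following Python sketch is an added example, not WebAccelerator code; the rule dictionary, criterion names, and header values are hypothetical, and it assumes the regular expression must match the whole value.

```python
import re

# Parameter states that make each rule criterion fire. "does-not-match" follows
# the page: a different value or an empty value fires, an absent one does not.
FIRING_STATES = {
    "matches": {"match"},
    "does-not-match": {"no-match", "empty"},
    "is-empty": {"empty"},
    "is-absent": {"absent"},
}

def parse_cookie_header(value):
    """Parse a Cookie request header value into {name: value}."""
    cookies = {}
    for pair in value.split(";"):
        name, _, val = pair.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies

def parameter_state(params, name, pattern):
    """Classify a parameter as absent, empty, match or no-match."""
    if name not in params:
        return "absent"
    if params[name] == "":
        return "empty"
    # Assumption: the regular expression must match the whole value.
    return "match" if re.fullmatch(pattern, params[name]) else "no-match"

def rule_fires(rule, cookie_header):
    """Evaluate one hypothetical cookie rule against a Cookie header value."""
    cookies = parse_cookie_header(cookie_header)
    state = parameter_state(cookies, rule["name"], rule["pattern"])
    return state in FIRING_STATES[rule["criterion"]]

def uncovered_states(rules):
    """States on which none of the rules (all for one parameter) fires."""
    covered = set()
    for rule in rules:
        covered |= FIRING_STATES[rule["criterion"]]
    return {"absent", "empty", "match", "no-match"} - covered

# Hypothetical rule on the page's REPEAT cookie; header values are constructed.
NOT_YES = {"name": "REPEAT", "pattern": r"yes", "criterion": "does-not-match"}
HEADERS = ["REPEAT=yes; USER=334A5E4", "REPEAT=no", "REPEAT=", "USER=334A5E4"]

if __name__ == "__main__":
    for header in HEADERS:
        print(repr(header), rule_fires(NOT_YES, header))
    print("never fires on:", sorted(uncovered_states([NOT_YES])))
```

If omitting the cookie should also trigger the action, the policy needs a second rule with the absent criterion; `uncovered_states` makes that gap visible.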
User agent
A rule that uses the user agent parameter is based on the value provided for the HTTP USER_AGENT in the request header, which identifies the browser that sent the request. For example, the following USER_AGENT request header indicates that the requesting browser is IE 5.01 running on Windows NT 5.0:
USER_AGENT: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
You do not typically base rules on the USER_AGENT request header, unless your site behaves differently depending on the browser in use.
Referrer
A rule that uses the referrer parameter is based on the value provided for the HTTP REFERER in the request header. (Note the misspelling of REFERER. This spelling is defined for this request header in all versions of the HTTP specification.)
This header provides the URL location that referred the client to the page that the client is requesting. That is, REFERER provides the URL that contains the hyperlink that the user clicked to request the page. For example:
REFERER: http://www.siterequest.com/
You do not typically base rules on the REFERER request header, unless you want your site's behavior to be dependent on the specific referrer. For example, one implementation would be for sites that provide different branding for their pages based on the user's web portal or search engine.
Protocol
A rule that uses the protocol parameter is based on whether the request uses the HTTP or HTTPS protocol. For example, the following URL uses the HTTP protocol:
http://www.siterequest.com/apps/srch.jsp?value=computers
The following URL uses the HTTPS protocol:
https://www.siterequest.com/apps/srch.jsp?value=computers
Method
A rule that uses the method parameter is based on whether the request used the GET or POST method.
Header
A rule that uses the header parameter is based on a particular header that you identify by name, and for which you provide a value to match against. You can use an HTTP request data type header parameter to create rules based on any request header, other than one of the recognized HTTP request data types that are listed in Table 4.1, on page 4-5.
The HTTP request data type header parameter you use can be standard HTTP request header fields such as AUTHORIZATION, CACHE-CONTROL, and FROM. They can also be user or acceleration defined headers in the form of a structured parameter.
Following are examples of HTTP request data type parameters:
Accept: text/html, image/*
Accept-Encoding: gzip
Accept-Language: en-us
CSP-Gadget-Realm-User-Pref: NM=5,PD=true,R=3326
The last header in the example depicts a structured parameter.
The format of a structured parameter in a request is similar to that used for a cookie, with a header name that you choose, followed by a series of name=value pairs separated by commas. The header name is not case-sensitive and in this structure, the semicolons (;) are special characters. The parser ignores anything after a semicolon until it reaches the subsequent comma. For example, following are valid header structured parameters:
CSP-Global-Gadget-Pref: AT=0
CSP-Gadget-Realm-User-Pref: NM=5,PD=true,R=3326
CSP-User-Pref:E2KU=chi,E2KD=ops%u002esiterequest%u002enet,E2KM=chi
CSP-Gateway-Specific-Config:PT-User-Name=chi,PT-User-ID=212,PT-Class-ID=43
Standards: type=SOAP;SOAP-ENV:mustUnderstand="1",version=1.2
In the last line, the parser ignores SOAP-ENV:mustUnderstand="1", because it follows a semicolon. Since version=1.2 follows the comma, the parser reads it as a name=value pair. If you have metadata that you want to include in the header, but want the WebAccelerator system to ignore, put it after a semicolon.
If you specify a header as a structured parameter when creating a rule, the WebAccelerator system parses it into name=value pairs when it examines the request. If you do not specify it as a structured parameter, the WebAccelerator system processes it like a normal header, and treats everything after the colon (:) as the value. To define a header as a structured parameter when you are creating or editing a rule, you specify the name using the following syntax:
headername:parmname
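The structured-parameter parsing described above, including the text that a rule never sees because it follows a semicolon, can be reproduced as follows. This Python sketch is an added example, not WebAccelerator code; the function names are hypothetical, parameter names are assumed to be case-sensitive, and quoted values containing commas are not handled because the page does not describe them.

```python
def parse_structured(value):
    """Parse a structured-parameter header value into {name: value}."""
    pairs = {}
    for item in value.split(","):
        visible = item.split(";", 1)[0].strip()   # text after ';' is ignored
        name, eq, val = visible.partition("=")
        if eq and name:
            pairs[name.strip()] = val.strip()
    return pairs

def ignored_text(value):
    """Return the pieces a structured-parameter rule never sees."""
    return [item.split(";", 1)[1] for item in value.split(",") if ";" in item]

def header_value(request_lines, header):
    """Find a header by case-insensitive name; return its value or None."""
    for line in request_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == header.lower():
            return value.strip()
    return None

def rule_value(request_lines, rule_name):
    """Resolve a rule name: 'headername' or 'headername:parmname'."""
    header, sep, parm = rule_name.partition(":")
    value = header_value(request_lines, header)
    if value is None or not sep:
        return value                     # plain header: everything after ':'
    # Assumption: parameter names are compared case-sensitively.
    return parse_structured(value).get(parm)

# Header lines taken from the page's examples.
REQUEST = [
    "Accept-Encoding: gzip",
    "CSP-Gadget-Realm-User-Pref: NM=5,PD=true,R=3326",
    'Standards: type=SOAP;SOAP-ENV:mustUnderstand="1",version=1.2',
]

if __name__ == "__main__":
    print(rule_value(REQUEST, "csp-gadget-realm-user-pref:PD"))   # structured
    print(rule_value(REQUEST, "Standards"))                       # plain header
    print(parse_structured(header_value(REQUEST, "Standards")))
    print(ignored_text(header_value(REQUEST, "Standards")))
```

When reviewing a policy, `ignored_text` lists exactly what rules built on a structured parameter cannot match against.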
Configuring rules based on HTTP response headers
After the WebAccelerator system receives a response from the origin web server, it performs the following processes:
• Classifies the response
• Applies associated acceleration policy rules
• Assembles the response
Response headers have no effect on application matching, variation, or
invalidations rules. The WebAccelerator system evaluates response headers
associated with caching after it compiles, but before it caches, the response.
Once the WebAccelerator system begins the compilation and assembly
process, it then examines existing response headers that influence assembly.
You can configure assembly, proxying, lifetime, or responses cached rules
based on response headers.
Note
If you configure proxying rules based on HTTP response header
parameters, you can use them only in terms of how the WebAccelerator
system caches the responses, because the WebAccelerator system has
already sent the request to the origin web servers when it reviews the
response headers.
Classifying responses
After the WebAccelerator system receives a response from the origin server, and before it performs application matching, it classifies the response based on the object types that are defined on the Object Types screen. The WebAccelerator system bases this classification on the first item it finds, in the following order:
• The file extension in the file name field of the response's Content-Disposition header
• The file extension in the extension field of the response's Content-Disposition header
• The response's Content-Type header, unless it is an ambiguous MIME type
• The request's path extension
For example, if the extension in the file name field of the response's Content-Disposition header is empty, the WebAccelerator system looks at the response's Content-Disposition header's file extension in the extension field. If that has an extension, the WebAccelerator system attempts to match it to a defined object type. If there is no match, the WebAccelerator system assigns an object type of other and uses the settings for other. The WebAccelerator system examines the information in the Content-Type header only if there is no extension in the file name or extension fields of the Content-Disposition header.
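The search order above means that a Content-Disposition extension decides the classification before Content-Type is ever read. The following Python sketch is an added example, not WebAccelerator code: the object type tables and the list of ambiguous MIME types are hypothetical stand-ins for the Object Types screen, and the Content-Disposition field names filename and extension are assumptions.

```python
import re

# Hypothetical stand-ins for the Object Types screen; names are assumptions.
TYPES_BY_EXTENSION = {"gif": "gif", "pdf": "pdf", "js": "js"}
TYPES_BY_MIME = {"image/gif": "gif", "application/pdf": "pdf"}
AMBIGUOUS_MIME = {"application/octet-stream", "text/plain"}

def extension_of(file_name):
    """Text after the last period, lower-cased, or '' when there is none."""
    return file_name.rsplit(".", 1)[1].lower() if "." in file_name else ""

def classify(response_headers, request_path):
    """Return (object_type, deciding_item) using the page's search order."""
    disposition = response_headers.get("Content-Disposition", "")
    fields = {name.lower(): value for name, value in
              re.findall(r'(\w+)\s*=\s*"?([^";]*)"?', disposition)}
    # 1 and 2: file name field, then extension field (assumed field names).
    ext = extension_of(fields.get("filename", ""))
    ext = ext or fields.get("extension", "").lstrip(".").lower()
    if ext:
        # An extension with no defined object type becomes "other";
        # Content-Type is not consulted in that case.
        return TYPES_BY_EXTENSION.get(ext, "other"), "Content-Disposition"
    # 3: Content-Type, unless it is an ambiguous MIME type.
    mime = response_headers.get("Content-Type", "").split(";")[0].strip().lower()
    if mime and mime not in AMBIGUOUS_MIME:
        return TYPES_BY_MIME.get(mime, "other"), "Content-Type"
    # 4: extension of the request path (segment parameters stripped).
    ext = extension_of(request_path.rsplit("/", 1)[-1].split(";")[0])
    return TYPES_BY_EXTENSION.get(ext, "other"), "request path"

# Constructed responses: (response headers, request path).
SAMPLES = [
    ({"Content-Disposition": 'attachment; filename="report.pdf"',
      "Content-Type": "image/gif"}, "/apps/get.jsp"),
    ({"Content-Disposition": 'attachment; filename="data.xyz"',
      "Content-Type": "image/gif"}, "/images/up.gif"),
    ({"Content-Type": "application/octet-stream"}, "/images/up.gif"),
]

if __name__ == "__main__":
    for headers, path in SAMPLES:
        print(path, classify(headers, path))
```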
If the WebAccelerator system finds a match to an object type, it classifies
the response with that object type, group, and category, and uses the
associated settings for compression. The object type and group under which
the response is classified is also included in the X-PvInfo response header. For more information, see Viewing X-PvInfo response headers, on page 4-25.
Important
If you have defined a compression setting for an object from the Object Types screen, it overrides any compression setting configured for an assembly rule for the response's matched node. For specific information about how to configure object types, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP WebAccelerator System.
Once it classifies the response by object type, the WebAccelerator system appends it as follows: group.objectType. The WebAccelerator system then matches the response to a node of a Policy Tree in an acceleration policy
(the first matching process was for the request), using the new content type.
In many cases, this content type is the same as the content type for the
request, and the WebAccelerator system matches the response to