NetScaler Use of Rewrite, Responder and URL transformation

Now when I started working with NetScaler I was always thinking what the hell are the differences the features Rewrite, Responder and URL transformation which were like different options in the NetScaler AppExpert field. Now after using these features for some time and scrolling in the discussion forums I notice the same question being asked over and over again.

What are the differences? and where should I use one over the other? So my purpose of this post is to try to explain the differences. So using different scenarios I will try to explain with some creative visio drawings..

Responder

The responder feature can be used to redirect URL requests to another page or respond back with random text for instance when doing maintance for instance. As an example based upon the expression we configure, users from a particular IP-segment will automatically be redirected to a particular URL.
NOTE: Responder only looks at HTTP traffic, so it can only be used for those types of servicesimage

The responder feature happens only at incoming requests so it does not change anything inline to the backend resource. So for instance if the end-user goes to the virtual server of 192.168.37.101 and it has a responder policy that is set to redirect to another URL, the NetScaler will reply to the HTTP request with an HTTP 302 STATUS code and respond back to the client, which will then establish a new request to the new URL

image

Another option we have is to display back static content, for instance if we have maintance and we want to display some content to the end-users which will be served from the NetScaler

image

We can also use this with for instance blocked IP addresses if we have an pattern set, so when blocked IP addresses try to connect to our site they will be shown a static HTML page.

image

Now the responder feature, think of it as a raw feature, it comsumes little CPU and only handle incoming requests, it cannot handle response traffic, but it allows for simple redirects to other sites using HTTP 302 commands, and be used do display static content.

Rewrite

Rewrite is a much more powerful feature which can be used for alot of things, besides HTTP it can also be used for SIP and DNS for instance. Rewrite is an Inline feature which allows it to change more of the content that is passing trough besides just looking at the URL a user wants to go to. So much more complex and because of that it will require more resources from the NetScaler if we compare it to URL responder. But! digging in, it can also do deeper into the HTTP stack so for instance it can alter the HTTP headers coming back from the web-server, as an example if we have a rewrite policy bound to a virtual server which is based upon response and we need to remove some data from the HTTP header.

image

This for instance will remove the server information from the HTTP header coming from the backend IIS web-server.

Which used to look like this from an end-user

image

Will now look like this

image

It can also be used to change HTTP data coming back from the server, for instance if we have an HTTP transaction containing the field password in it, we want it to change the data it responds back with something else. So much more powefull since it can handle request & peresponses and also HTTP headers

image

URL Transformation

Is a more blunt feature again, where the purpose of the service is simple do URL transformation from both requests and responses. Think of the following you have an particular web service which only handles requests to a particular hostname which is something http://webapp2.domain.local If you want to publish this externally you have some issues since that is an intneral only DNS hostname. This is where URL Transformation comes in.We can tell the NetScaler to change the incoming URL address before it is sent to the backend web server.

image

This can simply be changed for external access using URL transformation. When a user enters the URL for webapp.domain.com which points to a VIP on the NetScaler the URL transformation policy will alter the URL to another URL before it is sent to the backend server. When the backend server sees the request it will be with the original URL. It will return the data, but since the .local URL is not available externally the NetScaler needs to change the URL again before it comes back to the end-user.

This can be used in migration examples if we want to redirect users to another site on another server but still use the same external URL this is a great feature to use for this type of purpose.