Control access to NetScaler vServers based on current time
We just had a customer asking if one could control the access to NetScaler vServers based on the time of the day (e.g. “be available each day between 8am and 6pm”). Never done before, so took the task and made it work. This is how:
There are actually two places where I figured, it would make sense to control the access: on Loadbalancing vServer level, based on Listener Policies, and on Content Switching level, based on CS Policies.
Both, Listener Policies and CS policies allow for time control by using two different properties
where %something% is an operator like “EQ”, “BETWEEN”, or similar.
The operator “between” looked quite promising. My tries, though, showed that apparently, “between” can deal with full dates (e.g. “GMT 20017 MAY 10 10h 10m 10s”)…
… not using only daytime values (e.g. “GMT 10h 10m 10s”), though:
Docs.citrix.com can be quite a pain to work with (at the moment, I am redirected to the Chinese page by default), but it does help if you manage to find the right content: http://docs.citrix.com/en-us/netscaler/12/appexpert/policies-and-expressions/ns-pi-adv-exp-work-date-time-num-wrapper-con/ns-pi-format-date-time-exp-con.html
Reading through the eDocs, I learned that “between” does indeed not seem to support “intra day” dates. “GT” (greater than) and “LT” (lesser than) do, though. And isn’t that as good as “between”, if you add some “&&”?
Said and done, this is my working CS policy expression:
Bound to my Content Switch, this policy effectively controls the access to my IIS web server based on the current time.
I did not try the http.req.date%something%() property, as I figured controlling the access by the actual system time might be more precise.
Creating a Listener Policy with the same criteria did not limit the access in any way.
Hope that helps if you ever find yourself in I similar situation.
Looking forward to your comments!
[Equipment used: NetScaler Version: VPX 1000 PLT - 18.104.22.168; Windows Server 2016 with IIS]