Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/virt <server number>/service/https/cntrules
Content-Based Services Rule Menu
Content-based service rules consist of a protocol-specific matching content class and an action. A rule can be added, removed, or copied. The rules are evaluated according to their priority, with the lowest number getting evaluated first. The maximum number of rules in a rule list is 1281024. All rules are evaluated, and all matching rules are performed.
Tip: Radware recommends that you leave a gap between rule numbers that you create so you can easily place future rules within the current hierarchy. For example, create rules 1, 5, and 10 in the event that new rule 3 should be placed between rules 1 and 5, or new rule 7 should be placed between rules 5 and 10.
Note: Alteon performs HTTP Layer 7 content switching before applying any modifications and is based on the original requests.
 
[HTTPS Content Rule 1 Menu]
name - Set descriptive content rule name
cntclss - Set content class for this rule
action - Set action type for this rule
group - Set real server group number for this rule
redirect - Set application redirection location for this rule
  botmng   - Set Bot Manager Processing for this rule
botmngid - Set Bot Manager policy for this rule
secpath - Set SecurePath policy for this rule
sideband - Set Sideband Processing for this rule
secwa - Set Secured Web Application Processing for this rule
fastwa - Set web application for this rule
copy - Copy rule
ena - Enable rule
dis - Disable rule
del - Delete rule
cur - Display current rule configuration
 
Content Based Services Rule Menu Options (/cfg/slb/virt/service/https/cntrules) 
Command Syntax and Usage
name
 
Sets the descriptive name for the content rule.
cntclss
 
Sets the content class for this rule. This parameter is mandatory for enabled rules.
The content class can be of type HTTP (URL, HTTP Headers, HTTP Payload), HTTP/2 (URL, HTTP Headers, HTTP Payload), or SSL (SNI, relevant only for SSL inspection filters).
Note: On front-end SSL inspection filters, the type of content class that can be used depends on the Alteon installation mode:
*When Alteon is installed as Explicit Proxy (SSL Policy Frontend SSL set to Enable on Connect), only HTTP Content Class can be selected.
*When Alteon is installed as Transparent Proxy (SSL Policy Frontend SSL set to Enable) only SSL Content Class can be selected.
For content class updates, use the /cfg/slb/layer7/slb/cntclss HTTP Content Class Menu.
action group|redirect|discard
 
Sets the action type of this virtual service. When content rules are configured for the service, this parameter specifies the default action when traffic does not match any of the content rules.
Values:
*group — The traffic is load balanced between the servers of the specified real servers group ID after performing all other actions for the virtual service.
*redirect — Application redirection is performed for HTTP and HTTPS traffic based on the value in the redirect option. This option can be used, for example, to redirect HTTP traffic to HTTPS.
*discard — Traffic is dropped.
Default: group
When the action option is set to redirect, the dbind option is automatically set to forceproxy.
group <real server group ID (alphanumeric)>
 
Sets a real server group for this service. You are prompted to enter the number of the real server group to add to this service.
Values: 1 – 1024
Default: 1
redirect
 
Sets the application redirection location of this rule.
The redirection location is a string of up to 255 characters with the following format:
<protocol>://<host>[:<port>][/<path>][?<query>]
The protocol and host parameters are mandatory. All other parameters are optional.
For each of the location fields, to access the value in the original request, use token format ($PROTOCOL, $HOST, $PORT, $PATH or $QUERY).
For example:
*To redirect to HTTPS: https://$HOST/$PATH?QUERY
*To change host: $PROTOCOL://NewHost.com/$PATH?$QUERY
botmng [inherit|specific|disable]
This parameter enables you to attach a Bot Manager policy to content based rules for virtual services.
Values:
*inherit — Traffic that matches this content rule uses the same Bot Manager policy that is associated to the virtual service.
*specific — Traffic that matches this content rule uses the Bot Manager policy that is associated to this content rule.
*disable — Traffic that matches this content rule does not use Bot Manager processing.
Default: inherit
Note: Bot Manager processing is not available on a content rule with an action type different than Group.
botmngid
 
Sets the Bot Manager policy for this rule. The botmngid must be specific when the bot manager processing, botmng, is set to specific.
secpath
 
Sets the new SecurePath Policy for the content rule.
SecurePath integration requires a sideband connection to Radware Cloud.
Set the Sideband to point to an FQDN group defined with the CNAME of the application as appear in Radware Cloud.
For SecurePath Policy configuration use /cfg/security/secpath/
sideband
 
Sets the sideband processing for the content rule.
Select if the Sideband policy should be inherited from Virtual Service or disabled.
Select disable if the traffic that matches the content rule should not be inspected by Radware Cloud.
Values: inherit, disable
Default: inherit
secwa
 
Sets the Secured Web Application Processing for the content rule.
Values: inherit, disable
Default: inherit
fastwa
 
Sets the Web application for this rule.
copy
 
Copies the rule to another index in the same virtual service. This option can also be used to change the priority of a rule.
ena
 
Enables the rule.
dis
 
Disables the rule.
del
 
Deletes the rule.
cur
 
Displays the current rule configuration.