Configuring HTTP Tagging

To configure HTTP Tagging rule sets:

  1. Configure the tag-rule statement at the http-manager hierarchy level to specify a name for this rule.

    In the following example, the tag-rule statement is configured as rule1.

  2. Configure the term statement at the http-manager hierarchy level to specify a numbered identity for each term in a rule.

    The term statement can be configured with an identity ranging from 1 through 255. In the following example, the term statement is configured as 1.

  3. Configure the destination-address statement at the http-manager hierarchy level to define the IP address.

    This statement accepts a list of IPv4 or IPv6 IP addresses. In the following example, the destination-address statement is configured as a from clause inside a term called 1 inside a tag-rule called rule1. Using the <except> keyword forces a policy match if that address is not the destination address.

  4. Configure the destination-address-range statement and specify a low-to-high IP address range.

    This statement accepts a list of IPv4 or IPv6 IP address ranges. In the following example, the destination-address-range statement is configured as a from clause inside a term called 1 inside a tag-rule called rule1. Using the <except> keyword forces a policy match if that address is not the destination address.

  5. Configure the destination-ports statement and specify a list of ports.

    In the following example, the destination-ports statement is configured as a from clause inside a term called 1 inside a tag-rule called rule1 and configured as 100.

  6. Configure the destination-port-range statement and specify a low-to-high port range.

    In the following example, the destination-port-range statement is configured as a from clause inside a term called 1 inside a tag-rule called rule1 and configured as 1000 and 2000 for minimum value and maximum value respectively.

  7. Configure the destination-prefix-list statement to reference a predefined prefix list.

    You can reference any address prefix-list configured in the router.

  8. Configure the x-forwarded-for statement to apply a pair of address masks to the address.

    The two types of masks are specified by the mask or or-value statements. These address masks can be IPv4 or IPv6 addresses. If one of the masks is specified, then the other must also be specified. <mask> is logically joined to the IP address with an AND operator and then subsequently logically joined to the <or-value> with an OR operator. The resultant address is inserted into the packet along with the x-forwarded-for tag.

  9. Configure the tag statement to specify a reference name for a tag definition.

    The tags are inserted in the order specified in the CLI.

  10. Configure the tag-header statement to determine the tag header to apply to the HTTP header.

    The tag header string cannot contain the following characters: (, ), <, >, @, “,”, ;, \, “””, /, [, ], ?, =, {, and }. In the following example, the tag-header statement is configured under a tag statement named httpmanager inside a then clause inside a term called 1 and a tag-rule called rule1.

  11. Configure the tag-separator statement to specify the separator character to be inserted between tag attributes.

    In the following example, the tag-header statement is configured under a tag statement named httpmanager inside a then clause inside a term called 1 and a tag-rule called rule1.

  12. Configure the tag-attribute statement to specify a reference name for a tag attribute.

    Multiple tag attributes can be defined per tag header. The order of insertion is determined by the attribute-id.

  13. Configure the radius-attribute, fixed-attribute, or subscriber-attribute statements depending on the type of tag-attribute you want to configure.
    • If you want to configure a radius-attribute statement, specify the radius-attribute-id that corresponds to the numbered RADIUS attributes ranging from 1 through 255. When specified, the RADIUS attribute is looked up for the subscriber that the policy applies to, and the result is inserted into the packet.
    • If you want to configure a fixed-attribute statement, specify the subscriber-id. When specified, the PTSP subscriber_id attribute is looked up and inserted into the packet.
    • If you want to configure a subscriber-attribute statement, specify a text string that is used to look up a subscriber attribute. Ensure that all subscriber attributes are predefined in the services http-manager tag-attribute.
  14. If you want to configure a rule set with multiple rules, configure the tag-rule-set statement and specify the name for the rule set.

    A rule set is a collection of rules ordered in the sequence in which they are entered. Rule sets are evaluated in the order in which they are configured in a service set.

  15. Configure the service-set statement to create a service set for the tagging rules and the rule sets that you have created. See Configuring HTTP Content Management Service Sets for more information.

Configuring HTTP Tagging Rule sets

services {http-manager {tag-rule rule1 {term 1 {from {destination-address {10.0.0.1/32;}destination-address-range {low 10.0.0.10 high 10.0.0.30;}destination-prefix-list {list1;}destination-ports 100;destination-port-range {low 1000 high 2000;}}then {tag tag1 {tag-header httpmanager;tag-separator :;tag-attribute 1 {radius-attribute 100;}tag-attribute 2 {fixed-attribute subscriber-id;}}x-forwarded-for {mask 0.255.255.255;or-value 168.0.0.0;}count;}}}tag-rule-set tagging1 {rule rule1;}}}

Related Documentation

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.