The HTTP Callouts option will be used for configured types of requests, or when criteria are met during policy evaluation. When the criteria matches the type of request, you might want to stall the policy evaluation briefly, retrieve information from a server, and then perform an action depending on the retrieved information. Another option could be that you want to update a database or the content hosted on a web server based on the requests.
An HTTP Callout is an HTTP or HTTPS request that Citrix NetScaler generates and sends to an external resource when the criteria matches during policy evaluation. The information can be analyzed by default syntax policy expressions.
You can use HTTP Callouts to obtain information from external applications. The Callout policy sends an HTTP request to an external application. An agent that you deploy in front of the application formats the request for the application.
The HTTP Callout can be configured for HTTP or HTTPS content switching, TCP content switching, rewrites, responders, and token-based load balancing methods.
To perform the HTTP Callout function, we must set up an application on the server that will be used to send the HTTP Callout. This server/application will called the HTTP Callout agent and must respond with the required information. The HTTP Callout agent can be a web server that serves the data for which Citrix NetScaler sends the callout. We have to make sure that the format of the response to an HTTP Callout doesn't change from one invocation to another.
After we have set up the HTTP Callout agent, we can configure the HTTP Callout on Citrix NetScaler. In order to use the HTTP Callout, we need to include the Callout in a default syntax policy and bind the policy to the bind point which we want the policy to be evaluated.
When receiving a request from the client, Citrix NetScaler evaluates the request against the configured policies bounded to various bind points. During the evaluation from the policies, Citrix NetScaler will stall the policy evaluation when the HTTP Callout expression is being used. The expression will be SYS.HTTP_CALLOUT(name). When Citrix NetScaler receives the response, it will either perform an action or jump to the next policy depending on the evaluation of the response from the HTTP Callout agent as FALSE or TRUE.
The preceding figure demonstrates the working of an HTTP Callout request based on a bound responder policy on NetScaler load balancing. The NetScaler load balancing virtual server has an HTTP Callout configured to allow only specific incoming requests. When Citrix NetScaler receives a request from a client or device that's contacting the NetScaler load balancing virtual server, the appliance will generate the HTTP Callout request and send it to the configured HTTP Callout agent. The HTTP Callout agent will receive the request and verify the requested URL. If the requested URL matches the allowed expression, the HTTP Callout agent will forward the requested response to the configured services. If the requested URL doesn't match, Citrix NetScaler will reset the client connection.
To work with the HTTP Callout functionality, we have to start by enabling the responder feature. The responder policy will also be explained in this chapter, but for HTTP Callout, we won't provide too much information about the working of the responder feature.
Go to AppExpert | HTTP Callouts and click on Add. Fill in the correct information based on the following explanation:
- Name: This will be the name where the HTTP Callout will be named to.
- Comment: Here, we can add a comment if necessary.
- Server to receive callout request: Select the corresponding virtual server or enter the IP address that will be used as the HTTP Callout agent in this HTTP Callout configuration.
- Request Type: Select the proper request type. This can be
Attribute-basedorExpression-based. WithAttribute-based, it's possible to use an attribute in the URL for example. WithExpression-based, we can only use expressions based on the functionalities in Citrix NetScaler, for example,CLIENT.IP.SRC. - Method: This option is available only when
Attribute-basedis selected under Request Type. Select the corresponding method. It can beGETorPOST. - Host Expression: This option is available only when you select
Attribute-basedunder Request Type. It contains the string expression for configuring the host header. It can also contain a value such as the IP address of the backend machine or the host request header. - URL Stem Expression: This option is available only when you select
Attribute-basedunder Request Type. In this expression, the generating URL needs to be filled in. So, the request URL should be entered here, which will be sent to the HTTP Callout server. - Body Expression: Again, this option is only available when
Attribute-basedis selected. It can contain an advanced string expression for generating the body of the request. - Headers: This option is available only when you select
Attribute-basedunder Request Type. It contains information for identifying that it's about a Callout request. Normally, the name would beRequestand Value-expression would beCallout Request. - Parameters: This option too is available only when you select
Attribute-basedunder Request Type. The parameter sends the requested information to the backend. For example, consider the parameter nameClientIPwith Value-expression asCLIENT.IP.SRC. TheClientIPparameter can request by the HTTP Callout agent to request the source IP from the client. - Full Expression: This option is available only when you select
Expression-basedunder Request Type. It needs the exact HTTP request in the form of an expression, which Citrix NetScaler sends to the HTTP Callout agent. - Scheme: Select
HTTPorHTTPS. - Return Type: Select the type of data and how the HTTP Callout will respond. The available types are
TEXT,NUM, andBOOL:TEXT: The returned value will be sent as a text stringNUM: The returned value will be sent as a numberBOOL: The returned value will be sent as a Boolean value
- Expression to extract data from the response: Define what will be sent back to the client, for example,
HTTP.RES.BODY(200). This means that there will be 200 bytes sent back from the requested URL. - Cache Expiration Time (in secs): This is the duration in seconds for which the Callout response is cached. The cached responses will be stored in an integrated caching content group named
calloutContentGroup. The integrated caching license is required for this functionality.
After creating the HTTP Callout configuration, it's time to configure the responder policy, which will be needed to call the HTTP Callout. The responder policy can be configured globally or on the load balancing virtual server. The expression will be SYS.HTTP_CALLOUT(NAMEOFTHECREATEDHTTPCALLOUT). An explanation of the configured responder will be in the chapter.
For an HTTP Callout to work correctly, all the HTTP Callout parameters and the entities associated with the Callout must be configured correctly. While the NetScaler appliance does not check the validity of the HTTP Callout parameters, it indicates the state of the bound entities, namely the server or virtual server to which the HTTP Callout is sent. The following list shows you the icons and describes the conditions under which these icons are displayed:
: The state of the server that hosts the HTTP Callout agent, or the load balancing, content switching, or cache redirection virtual server to which the HTTP Callout is sent is UP
: The state of the server that hosts the HTTP Callout agent, or the load balancing, content switching, or cache redirection virtual server to which the HTTP Callout is sent is OUT OF SERVICE