netscaler.adc.nshttpprofile module – Configuration for HTTP profile resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.nshttpprofile.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for HTTP profile resource.

Parameters

Parameter

Comments

adpttimeout

any

Adapts the configured request timeout based on flow conditions. The timeout is increased or decreased internally and applied on the flow.

Choices:

  • "ENABLED"

  • "DISABLED"

allowonlywordcharactersandhyphen

any

When enabled allows only the word characters [A-Za-z0-9_] and hyphen [-] in the request/response header names and the connection will be reset for the other characters. When disabled allows any visible (printing) characters (%21-%7E) except delimiters (double quotes and “(),/:;<=>?@[]{}”).

Choices:

  • "ENABLED"

  • "DISABLED"

altsvc

any

Choose whether to enable support for Alternative Services.

Choices:

  • "ENABLED"

  • "DISABLED"

altsvcvalue

any

Configure a custom Alternative Services header value that should be inserted in the response to advertise a HTTP/SSL/HTTP_QUIC vserver.

apdexcltresptimethreshold

any

This option sets the satisfactory threshold (T) for client response time in milliseconds to be used for APDEX calculations. This means a transaction responding in less than this threshold is considered satisfactory. Transaction responding between T and 4*T is considered tolerable. Any transaction responding in more than 4*T time is considered frustrating. Citrix ADC maintains stats for such tolerable and frustrating transcations. And client response time related apdex counters are only updated on a vserver which receives clients traffic.

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

clientiphdrexpr

any

Name of the header that contains the real client IP address.

cmponpush

any

Start data compression on receiving a TCP packet with PUSH flag set.

Choices:

  • "ENABLED"

  • "DISABLED"

conmultiplex

any

Reuse server connections for requests from more than one client connections.

Choices:

  • "ENABLED"

  • "DISABLED"

dropextracrlf

any

Drop any extra ‘CR’ and ‘LF’ characters present after the header.

Choices:

  • "ENABLED"

  • "DISABLED"

dropextradata

any

Drop any extra data when server sends more data than the specified content-length.

Choices:

  • "ENABLED"

  • "DISABLED"

dropinvalreqs

any

Drop invalid HTTP requests or responses.

Choices:

  • "ENABLED"

  • "DISABLED"

grpcholdlimit

any

Maximum size in bytes allowed to buffer gRPC packets till trailer is received

grpcholdtimeout

any

Maximum time in milliseconds allowed to buffer gRPC packets till trailer is received. The value should be in multiples of 100

grpclengthdelimitation

any

Set to DISABLED for gRPC without a length delimitation.

Choices:

  • "ENABLED"

  • "DISABLED"

http2

any

Choose whether to enable support for HTTP/2.

Choices:

  • "ENABLED"

  • "DISABLED"

http2altsvcframe

any

Choose whether to enable support for sending HTTP/2 ALTSVC frames. When enabled, the ADC sends HTTP/2 ALTSVC frames to HTTP/2 clients, instead of the Alt-Svc response header field. Not applicable to servers.

Choices:

  • "ENABLED"

  • "DISABLED"

http2direct

any

Choose whether to enable support for Direct HTTP/2.

Choices:

  • "ENABLED"

  • "DISABLED"

http2headertablesize

any

Maximum size of the header compression table used to decode header blocks, in bytes.

http2initialconnwindowsize

any

Initial window size for connection level flow control, in bytes.

http2initialwindowsize

any

Initial window size for stream level flow control, in bytes.

http2maxconcurrentstreams

any

Maximum number of concurrent streams that is allowed per connection.

http2maxemptyframespermin

any

Maximum number of empty frames allowed in HTTP2 connection per minute

http2maxframesize

any

Maximum size of the frame payload that the Citrix ADC is willing to receive, in bytes.

http2maxheaderlistsize

any

Maximum size of header list that the Citrix ADC is prepared to accept, in bytes. NOTE: The actual plain text header size that the Citrix ADC accepts is limited by maxHeaderLen. Please change maxHeaderLen parameter as well when modifying http2MaxHeaderListSize.

http2maxpingframespermin

any

Maximum number of ping frames allowed in HTTP2 connection per minute

http2maxresetframespermin

any

Maximum number of reset frames allowed in HTTP/2 connection per minute

http2maxsettingsframespermin

any

Maximum number of settings frames allowed in HTTP2 connection per minute

http2minseverconn

any

Minimum number of HTTP2 connections established to backend server, on receiving HTTP requests from client before multiplexing the streams into the available HTTP/2 connections.

http2strictcipher

any

Choose whether to enable strict HTTP/2 cipher selection

Choices:

  • "ENABLED"

  • "DISABLED"

http3

any

Choose whether to enable support for HTTP/3.

Choices:

  • "ENABLED"

  • "DISABLED"

http3maxheaderblockedstreams

any

Maximum number of HTTP/3 streams that can be blocked while HTTP/3 headers are being decoded.

http3maxheaderfieldsectionsize

any

Maximum size of the HTTP/3 header field section, in bytes.

http3maxheadertablesize

any

Maximum size of the HTTP/3 QPACK dynamic header table, in bytes.

httppipelinebuffsize

any

Application pipeline request buffering size, in bytes.

incomphdrdelay

any

Maximum time to wait, in milliseconds, between incomplete header packets. If the header packets take longer to arrive at Citrix ADC, the connection is silently dropped.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

markconnreqinval

any

Mark CONNECT requests as invalid.

Choices:

  • "ENABLED"

  • "DISABLED"

markhttp09inval

any

Mark HTTP/0.9 requests as invalid.

Choices:

  • "ENABLED"

  • "DISABLED"

markhttpheaderextrawserror

any

Mark Http header with extra white space as invalid

Choices:

  • "ENABLED"

  • "DISABLED"

markrfc7230noncompliantinval

any

Mark RFC7230 non-compliant transaction as invalid

Choices:

  • "ENABLED"

  • "DISABLED"

marktracereqinval

any

Mark TRACE requests as invalid.

Choices:

  • "ENABLED"

  • "DISABLED"

maxheaderfieldlen

any

Number of bytes allowed for header field for HTTP header. If number of bytes exceeds beyond configured value, then request will be marked invalid

maxheaderlen

any

Number of bytes to be queued to look for complete header before returning error. If complete header is not obtained after queuing these many bytes, request will be marked as invalid and no L7 processing will be done for that TCP connection.

maxreq

any

Maximum number of requests allowed on a single connection. Zero implies no limit on the number of requests.

maxreusepool

any

Maximum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size. If non-zero value is given, it has to be greater than or equal to the number of running Packet Engines.

minreusepool

any

Minimum limit on the number of connections, from the Citrix ADC to a particular server that are kept in the reuse pool. This setting is helpful for optimal memory utilization and for reducing the idle connections to the server just after the peak time. Zero implies no limit on reuse pool size.

name

any

Name for an HTTP profile. Must begin with a letter, number, or the underscore \(_\) character. Other characters allowed, after the first character, are the hyphen \(-\), period \(.\), hash \(\#\), space \( \), at \(@\), colon \(:\), and equal \(=\) characters. The name of a HTTP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks \(for example, “my http profile” or ‘my http profile’\).

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

passprotocolupgrade

any

Pass protocol upgrade request to the server.

Choices:

  • "ENABLED"

  • "DISABLED"

persistentetag

any

Generate the persistent Citrix ADC specific ETag for the HTTP response with ETag header.

Choices:

  • "ENABLED"

  • "DISABLED"

reqtimeout

any

Time, in seconds, within which the HTTP request must complete. If the request does not complete within this time, the specified request timeout action is executed. Zero disables the timeout.

reqtimeoutaction

any

Action to take when the HTTP request does not complete within the specified request timeout duration. You can configure the following actions:

* RESET - Send RST (reset) to client when timeout occurs.

* DROP - Drop silently when timeout occurs.

* Custom responder action - Name of the responder action to trigger when timeout occurs, used to send custom message.

reusepooltimeout

any

Idle timeout (in seconds) for server connections in re-use pool. Connections in the re-use pool are flushed, if they remain idle for the configured timeout.

rtsptunnel

any

Allow RTSP tunnel in HTTP. Once application/x-rtsp-tunnelled is seen in Accept or Content-Type header, Citrix ADC does not process Layer 7 traffic on this connection.

Choices:

  • "ENABLED"

  • "DISABLED"

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "unset"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

weblog

any

Enable or disable web logging.

Choices:

  • "ENABLED"

  • "DISABLED"

websocket

any

HTTP connection to be upgraded to a web socket connection. Once upgraded, Citrix ADC does not process Layer 7 traffic on this connection.

Choices:

  • "ENABLED"

  • "DISABLED"

Notes

Note

Examples

---
- name: Sample Playbook
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Sample Task | nshttpProfile
      delegate_to: localhost
      netscaler.adc.nshttpprofile:
        state: present
        name: httpprofile-HTTP2-0
        http2: ENABLED

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)