Pulse Secure Virtual Traffic Manager: TrafficScript Guide, v20.1

Product Release 20.1

Published 16 March, 2020

Document Version 1.0

Pulse Secure Virtual Traffic Manager:

TrafficScript Guide

Supporting Pulse Secure Virtual Traffic Manager 20.1

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Pulse Secure, LLC

2700 Zanker Road,

Suite 200 San Jose

CA 95134

www.pulsesecure.net

Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States.

All other trademarks, service marks, registered trademarks, or registered service marks are the

property of their respective owners.

Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC

reserves the right to change, modify, transfer, or otherwise revise this publication without

notice.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

The information in this document is current as of the date on the title page.

END USER LICENSE AGREEMENT

The Pulse Secure product that is the subject of this technical documentation consists of (or is

intended for use with) Pulse Secure software. Use of such software is subject to the terms and

conditions of the End User License Agreement (“EULA”) posted at

http://www.pulsesecure.net/support/eula/. By downloading, installing or using such software,

you agree to the terms and conditions of that EULA.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Contents

PREFACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

DOCUMENT CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

TEXT FORMATTING CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

COMMAND SYNTAX CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

NOTES AND WARNINGS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

REQUESTING TECHNICAL SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

SELF-HELP ONLINE TOOLS AND RESOURCES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

OPENING A CASE WITH PSGSC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

INTRODUCTION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

ABOUT THIS GUIDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

THE TRAFFICSCRIPT LANGUAGE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

TRAFFICSCRIPT EXAMPLES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

APPLICATION OF RULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

USING A TRAFFICSCRIPT RULE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

TRAFFICSCRIPT SYNTAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

STATEMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

CONSTANTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

VARIABLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

EXPRESSIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

OPERATORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

TYPE CASTS IN TRAFFICSCRIPT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

CONDITIONALS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

THE “IF” STATEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

THE "SWITCH" STATEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

LOOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

“FOR” LOOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

‘WHILE’ LOOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

“DO” LOOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

“FOREACH” LOOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

OTHER FLOW CONTROL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

COMPLEX DATA TYPES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

ARRAYS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

HASHES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

THE GLOBAL ASSOCIATIVE ARRAY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

THE PROCESS-LOCAL ASSOCIATIVE ARRAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

THE CONNECTION-LOCAL ARRAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

LIBRARIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

FUNCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

ESCAPING REGULAR EXPRESSIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

CREATING NEW SUBROUTINES IN TRAFFICSCRIPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

SYNTAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

REQUEST AND RESPONSE RULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

PROCESSING MULTIPLE REQUESTS AND RESPONSES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

SPECIALIZED PROTOCOL HANDLING FUNCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

PROCESSING OTHER PROTOCOLS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

THE STATE MACHINE IN DETAIL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

CONTROLLING THE STATE MACHINE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

SAMPLE TRAFFICSCRIPT RULES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

ROUTING BY CONTENT TYPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

RESTRICTING ACCESS BASED ON THE TIME OF DAY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

CUSTOMER PRIORITIZATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

ROUTING BASED ON XML TRAFFIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

EXAMPLE: GOOGLE SEARCH REQUEST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

AUTHENTICATING USER ACCESS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

SYNCHRONIZING REQUESTS AND RESPONSES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

STREAMING HTTP RESPONSES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

MANAGING FTP CONNECTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

TROUBLESHOOTING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

CHECKING SYNTAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

DEBUGGING RULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

REQUEST AND RESPONSE RULES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

A SPECIAL NOTE ABOUT POOL.USE AND POOL.SELECT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

FUNCTION REFERENCE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

TRAFFICSCRIPT CORE FUNCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

ARRAY.APPEND( ARRAY1, ARRAY2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

ARRAY.CONTAINS( ARRAY, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

ARRAY.COPY( ARRAY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

ARRAY.CREATE( SIZE, [DEFAULT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

ARRAY.FILTER( ARRAY, PATTERN, [FLAGS] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

ARRAY.JOIN( ARRAY, [SEPARATOR] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

ARRAY.LENGTH( ARRAY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

ARRAY.POP( ARRAY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

ARRAY.PUSH( ARRAY, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

ARRAY.RESIZE( ARRAY, SIZE, [DEFAULT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

ARRAY.REVERSE( ARRAY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

ARRAY.SHIFT( ARRAY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

ARRAY.SORT( ARRAY, [REVERSE] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

ARRAY.SORTNUMERICAL( ARRAY, [REVERSE] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

ARRAY.SPLICE( ARRAY, OFFSET, LENGTH, [VALUES] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

ARRAY.UNSHIFT( ARRAY, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

HASH.CONTAINS( HASH, KEY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

HASH.COUNT( HASH ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

HASH.DELETE( HASH, KEY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

HASH.EMPTY( HASH ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

HASH.KEYS( HASH ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

HASH.VALUES( HASH ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

JSON.DESERIALIZE( JSON_STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

JSON.SERIALIZE( OBJECT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

LANG.ASSERT( CONDITION, MESSAGE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

LANG.CHR( NUMBER ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

LANG.DUMP( VARIABLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

LANG.ISARRAY( DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

LANG.ISHASH( DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

LANG.MAX( PARAM1, PARAM2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

LANG.MIN( PARAM1, PARAM2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

LANG.ORD( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

LANG.TOARRAY( VALUES ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

LANG.TODOUBLE( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

LANG.TOHASH( VALUES ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

LANG.TOINT( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

LANG.TOSTRING( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

LANG.TOCHAR( NUMBER ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

LANG.WARN( MESSAGE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

MATH.ACOS( X ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

MATH.ASIN( X ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

MATH.ATAN( ANGLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

MATH.CEIL( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

MATH.COS( ANGLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

MATH.EXP( POWER ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

MATH.FABS( VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

MATH.FLOOR( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

MATH.LN( VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

MATH.LOG( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

MATH.POW( NUM, POWER ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

MATH.RANDOM( RANGE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

MATH.RINT( VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

MATH.SIN( ANGLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

MATH.SQRT( NUM ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

MATH.TAN( ANGLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

STRING.BERTOINT( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

STRING.IREPLACE( STRING, SEARCH, REPLACEMENT ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . 62

STRING.IREPLACEALL( STRING, SEARCH, REPLACEMENT ) - DEPRECATED . . . . . . . . . . . . . . . . . 62

STRING.APPEND( STR1, STR2, ... ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

STRING.BASE64DECODE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

STRING.BASE64ENCODE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

STRING.BYTESTODOTTED( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

STRING.BYTESTOINT( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

STRING.CMP( STR1, STR2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

STRING.CONTAINS( HAYSTACK, NEEDLE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

STRING.CONTAINSI( HAYSTACK, NEEDLE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

STRING.COUNT( HAYSTACK, NEEDLE, [START] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

STRING.DECRYPT( STRING, PASSPHRASE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

STRING.DOTTEDTOBYTES( IP ADDRESS ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

STRING.DROP( STRING, COUNT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

STRING.ENCRYPT( STRING, PASSPHRASE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

STRING.ENDSWITH( STRING, SUFFIX ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

STRING.ENDSWITHI( STRING, SUFFIX ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

STRING.ESCAPE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

STRING.EXTRACTHOST( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

STRING.EXTRACTPORT( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

STRING.FIND( HAYSTACK, NEEDLE, [START] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

STRING.FINDI( HAYSTACK, NEEDLE, [START] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

STRING.FINDR( HAYSTACK, NEEDLE, [DISTANCEFROMENDTOSTART] ) . . . . . . . . . . . . . . . . . . . 69

STRING.HASH( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

STRING.HASHMD5( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

STRING.HASHSHA1( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

STRING.HASHSHA256( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

STRING.HASHSHA384( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

STRING.HASHSHA512( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

STRING.HEXTOINT( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

STRING.HEXDECODE( ENCODED STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

STRING.HEXENCODE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

STRING.HTMLDECODE( ENCODEDSTRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

STRING.HTMLENCODE( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

STRING.ICMP( STR1, STR2 ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

STRING.INSERTBYTES( STRING, INSERTION, OFFSET ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

STRING.INTTOBER( NUMBER ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

STRING.INTTOBYTES( NUMBER, [WIDTH] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

STRING.INTTOHEX( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

STRING.IPMASKMATCH( IP ADDRESS, CIDR IP SUBNET ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

STRING.LEFT( STRING, COUNT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

STRING.LEN( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

STRING.LENGTH( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

STRING.LOWERCASE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

STRING.NORMALIZEIPADDRESS( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

STRING.RANDOMBYTES( LENGTH ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

STRING.REGEXESCAPE( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

STRING.REGEXMATCH( STRING, REGEX, [FLAGS] ) ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

STRING.REGEXSUB( STRING, REGEX, REPLACEMENT, [FLAGS] ). . . . . . . . . . . . . . . . . . . . . . . . . . 76

STRING.REPLACE( STRING, SEARCH, REPLACEMENT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

STRING.REPLACEALL( STRING, SEARCH, REPLACEMENT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

STRING.REPLACEALLI( STRING, SEARCH, REPLACEMENT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

STRING.REPLACEBYTES( STRING, REPLACEMENT, OFFSET ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

STRING.REPLACEI( STRING, SEARCH, REPLACEMENT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

STRING.REVERSE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

STRING.RIGHT( STRING, COUNT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

STRING.SKIP( STRING, COUNT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

STRING.SPLIT( STRING, [SEPARATOR] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

STRING.SPRINTF( FORMAT STRING, ARGUMENTS ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

STRING.STARTSWITH( STRING, PREFIX ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

STRING.STARTSWITHI( STRING, PREFIX ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

STRING.SUBSTRING( STRING, BASE, END ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

STRING.TRIM( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

STRING.UNESCAPE( ESCAPED STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

STRING.UPPERCASE( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

STRING.URLENCODE( STRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

STRING.URLENCODEEXCEPTRESERVED( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

STRING.VALIDIPADDRESS( STRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

STRING.WILDMATCH( STRING, PATTERN ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

STRING.GMTIME.PARSE( STR ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

SYS.DOMAINNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

SYS.GETENV( VARIABLE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

SYS.GETNETWORKINTERFACES( HASH_OF_OPTIONS ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

SYS.GETPID(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

SYS.HOSTNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

SYS.TIME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

SYS.TIMETOSTRING( UNIXTIME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

SYS.GMTIME.FORMAT( FORMAT, UNIXTIME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

SYS.LOCALTIME.FORMAT( FORMAT, UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

SYS.TIME.HIGHRES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

SYS.TIME.HOUR( UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

SYS.TIME.MINUTES( UNIXTIME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

SYS.TIME.MONTH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

SYS.TIME.MONTHDAY( UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

SYS.TIME.SECONDS( UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

SYS.TIME.WEEKDAY( UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

SYS.TIME.YEAR( UNIXTIME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

SYS.TIME.YEARDAY( UNIXTIME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

TRAFFIC MANAGER FUNCTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

AUTH.QUERY( AUTHENTICATOR, USER, [PASSWORD] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

CONNECTION.BYPASSPROTOCOLHANDLING(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

CONNECTION.CHECKLIMITS( [POOLNAME] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

CONNECTION.CLOSE( DATA, [READ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

CONNECTION.DISCARD() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

CONNECTION.GETBANDWIDTHCLASS() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

CONNECTION.GETCOMPLETIONREASONCODE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

CONNECTION.GETCOMPLETIONREASONINFO(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

CONNECTION.GETDATA( COUNT ) - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

CONNECTION.GETDATALEN() - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

CONNECTION.GETLINE( OFFSET ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

CONNECTION.GETLOCALIP() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETLOCALPORT() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETMEMORYUSAGE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETNODE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETPERSISTENCE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETPOOL() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CONNECTION.GETPROXYCLIENTIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

CONNECTION.GETPROXYCLIENTPORT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

CONNECTION.GETPROXYHEADERTYPE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

CONNECTION.GETPROXYSERVERIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

CONNECTION.GETPROXYSERVERPORT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

CONNECTION.GETPROXYTLVDATA( TLV_TYPE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

CONNECTION.GETPROXYVERSION(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

CONNECTION.GETREMOTEIP() - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

CONNECTION.GETREMOTEPORT() - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

CONNECTION.GETSERVICELEVELCLASS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

CONNECTION.GETVIRTUALSERVER() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

CONNECTION.SETBANDWIDTHCLASS( NAME ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . 101

CONNECTION.SETDATA( REQUEST DATA ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

CONNECTION.SETIDEMPOTENT( RESEND ) - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

CONNECTION.SETPERSISTENCE( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

CONNECTION.SETPERSISTENCEKEY( VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

CONNECTION.SETPERSISTENCENODE( VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

CONNECTION.SETSERVICELEVELCLASS( LEVEL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

CONNECTION.SLEEP( MILLISECONDS ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

CONNECTION.DATA.GET( KEY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

CONNECTION.DATA.SET( KEY, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

COUNTER.INCREMENT( COUNTER, [AMOUNT] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

COUNTER64.INCREMENT( COUNTER, [AMOUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

DATA.GET( KEY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

DATA.GETMEMORYFREE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

DATA.GETMEMORYUSAGE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

DATA.REMOVE( KEY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

DATA.RESET( [PREFIX] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

DATA.SET( KEY, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

DATA.LOCAL.GET( KEY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

DATA.LOCAL.GETMEMORYFREE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

DATA.LOCAL.GETMEMORYUSAGE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

DATA.LOCAL.REMOVE( KEY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

DATA.LOCAL.RESET( [PREFIX] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

DATA.LOCAL.SET( KEY, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

EVENT.EMIT( CUSTOM EVENT NAME, MESSAGE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

GEO.GETCITY( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

GEO.GETCOUNTRY( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

GEO.GETCOUNTRYCODE( IP ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

GEO.GETDISTANCEKM( LAT1, LON1, LAT2, LON2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

GEO.GETDISTANCEMILES( LAT1, LON1, LAT2, LON2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

GEO.GETIPDISTANCEKM( IP1, IP2 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

GEO.GETIPDISTANCEMILES( IP1, IP2 ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

GEO.GETLATITUDE( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

GEO.GETLOCATION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

GEO.GETLOCATIONLONLAT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

GEO.GETLONGITUDE( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

GEO.GETREGION( IP ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

GEO.GETREGIONCODE( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

GLB.GETDOMAIN() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

GLB.GETIPS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

GLB.SERVICE.AVOIDLOCATION( LOCATION ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

GLB.SERVICE.GETLOCATIONLOAD( LOCATION, [ SERVICE ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . 115

GLB.SERVICE.GETLOCATIONWEIGHT( LOCATION, [ SERVICE ] ) . . . . . . . . . . . . . . . . . . . . . . . . 115

GLB.SERVICE.GETNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

GLB.SERVICE.GETNEARESTLOCATION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

GLB.SERVICE.IGNORELOCATION( LOCATION ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

GLB.SERVICE.ISLOCATIONLIVE( LOCATION, [ SERVICE ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

GLB.SERVICE.LISTDOMAINS( [ SERVICE ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

GLB.SERVICE.LISTLOCATIONS( [ SERVICE ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

GLB.SERVICE.PREFERLOCATION( LOCATION ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

GLB.SERVICE.SKIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

GLB.SERVICE.USELOCATION( LOCATION ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

HTTP.ADDHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

HTTP.ADDRESPONSEHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

HTTP.CHANGESITE( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

HTTP.COOKIE( NAME ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

HTTP.DISABLECLIENTKEEPALIVE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

HTTP.DOESFORMPARAMEXIST( PARAMETER ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

HTTP.GETBODY( [COUNT] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

HTTP.GETBODYLINES( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

HTTP.GETCLIENTVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

HTTP.GETCOOKIE( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

HTTP.GETCOOKIES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

HTTP.GETFORMPARAM( PARAMETER, [SEPARATOR] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

HTTP.GETFORMPARAMNAMES( SEPARATOR ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . 124

HTTP.GETFORMPARAMS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

HTTP.GETHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

HTTP.GETHEADERNAMES() - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

HTTP.GETHEADERS(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

HTTP.GETHOSTHEADER() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

HTTP.GETMETHOD() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

HTTP.GETMULTIPARTATTACHMENT( PART ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

HTTP.GETPATH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

HTTP.GETQUERYSTRING() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

HTTP.GETRAWQUERYSTRING(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

HTTP.GETRAWURL(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

HTTP.GETREQUEST(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

HTTP.GETRESPONSE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

HTTP.GETRESPONSEBODY( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

HTTP.GETRESPONSEBODYLINES( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

HTTP.GETRESPONSECODE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

HTTP.GETRESPONSECOOKIE( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

HTTP.GETRESPONSECOOKIES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

HTTP.GETRESPONSEHEADER( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

HTTP.GETRESPONSEHEADERNAMES() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

HTTP.GETRESPONSEHEADERS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

HTTP.GETRESPONSEVERSION(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

HTTP.GETSCHEME(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

HTTP.GETVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

HTTP.HEADEREXISTS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

HTTP.LISTFORMPARAMNAMES(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

HTTP.LISTHEADERNAMES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

HTTP.LISTRESPONSEHEADERNAMES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

HTTP.NORMALIZEPATH( URL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

HTTP.REDIRECT( ADDRESS ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

HTTP.REMOVECOOKIE( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

HTTP.REMOVEHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

HTTP.REMOVERESPONSECOOKIE( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

HTTP.REMOVERESPONSEHEADER( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

HTTP.RESPONSEHEADEREXISTS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

HTTP.SCRUBREQUESTHEADERS( HEADER1, HEADER2, ... ) . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

HTTP.SCRUBRESPONSEHEADERS( HEADER1, HEADER2, ... ) . . . . . . . . . . . . . . . . . . . . . . . . . . 136

HTTP.SENDRESPONSE( CODE, TYPE, BODY, HEADERS ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

HTTP.SETBODY( BODY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

HTTP.SETCOOKIE( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

HTTP.SETESCAPEDPATH( URL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

HTTP.SETHEADER( NAME, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

HTTP.SETIDEMPOTENT( RESEND ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

HTTP.SETMETHOD( METHOD ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

HTTP.SETPATH( URL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

HTTP.SETQUERYSTRING( QUERYSTRING ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

HTTP.SETRAWPATH( URL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

HTTP.SETRAWQUERYSTRING( QUERYSTRING ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

HTTP.SETRESPONSEBODY( BODY, [TRANSFER-ENCODING] ) . . . . . . . . . . . . . . . . . . . . . . . . . . 140

HTTP.SETRESPONSECODE( CODE, [MESSAGE] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

HTTP.SETRESPONSECOOKIE( NAME, VALUE, [OPTIONS] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

HTTP.SETRESPONSEHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

HTTP.APTIMIZER.BYPASS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

HTTP.APTIMIZER.USE( SCOPE, PROFILE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

HTTP.AUTH.GETAUTHENTICATEDUSER() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

HTTP.CACHE.DISABLE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

HTTP.CACHE.ENABLE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

HTTP.CACHE.EXISTS( [POOLNAME] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

HTTP.CACHE.RESPONDIFCACHED( [POOLNAME] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

HTTP.CACHE.SETKEY( KEY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

HTTP.COMPRESS.DISABLE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

HTTP.COMPRESS.ENABLE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

HTTP.CONNECTION.SENDORIGIN( ORIGIN1, ORIGIN2, ... ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

HTTP.KERBEROS.GETCLIENTPRINCIPALNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

HTTP.KERBEROS.GETDELEGATEDTICKET(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

HTTP.KERBEROS.GETPRINCIPAL() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

HTTP.KERBEROS.GETTARGETPRINCIPALNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

HTTP.KERBEROS.ISENABLED() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

HTTP.KERBEROS.SETCLIENTPRINCIPALNAME( PRINCIPALNAME ) . . . . . . . . . . . . . . . . . . . . . . 149

HTTP.KERBEROS.SETENABLED( ENABLED ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

HTTP.KERBEROS.SETPRINCIPAL( PRINCIPALCATALOGITEM ) . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

HTTP.KERBEROS.SETTARGETPRINCIPALNAME( PRINCIPALNAME ). . . . . . . . . . . . . . . . . . . . . . 149

HTTP.REQUEST.DELETE( URL, [ HEADERS ], [ TIMEOUT ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

HTTP.REQUEST.GET( URL, [ HEADERS ], [ TIMEOUT ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

HTTP.REQUEST.HEAD( URL, [ HEADERS ], [ TIMEOUT ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

HTTP.REQUEST.POST( URL, POST DATA, [ HEADERS ], [ TIMEOUT ] ) . . . . . . . . . . . . . . . . . . 152

HTTP.REQUEST.PUT( URL, PUT DATA, [ HEADERS ], [ TIMEOUT ] ) . . . . . . . . . . . . . . . . . . . . . 153

HTTP.REQUEST.SSL.GET( URL, CA_CERTIFICATES, [ HEADERS ], [ TIMEOUT ], [ VERIFY-

HOSTNAME ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

HTTP.STREAM.CONTINUEFROMBACKEND( [DATA] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

HTTP.STREAM.FINISHRESPONSE( [DATA] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

HTTP.STREAM.READBULKRESPONSE( COUNT, [DELIMITER] ) . . . . . . . . . . . . . . . . . . . . . . . . . . 156

HTTP.STREAM.READRESPONSE( COUNT, [DELIMITER] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

HTTP.STREAM.STARTRESPONSE( RESP_CODE, CONTENT_TYPE, [CONTENT_LENGTH, HEADERS]

)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

HTTP.STREAM.WRITERESPONSE( DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

JAVA.RUN( JAVA EXTENSION CLASS NAME, [OPTIONS] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

LOG.ERROR( MESSAGE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

LOG.INFO( MESSAGE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

LOG.WARN( MESSAGE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

NET.DNS.RESOLVEHOST( HOSTNAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

NET.DNS.RESOLVEHOST6( HOSTNAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

NET.DNS.RESOLVEIP( IP ADDRESS ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

POOL.ACTIVENODES( POOL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

POOL.CHECKNODE( POOL, HOST, PORT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

POOL.DISABLEDNODES( POOL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

POOL.DRAININGNODES( POOL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

POOL.FAILEDNODES( POOL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

POOL.LISTACTIVENODES( POOL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

POOL.LISTALLNODES( POOL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

POOL.LISTDISABLEDNODES( POOL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

POOL.LISTDRAININGNODES( POOL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

POOL.LISTFAILEDNODES( POOL ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

POOL.SELECT( POOL, [ HOST, PORT ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

POOL.USE( POOL, [ HOST, PORT ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

RADIUS.GETCALLINGSTATIONID(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

RATE.GETBACKLOG( CLASS_NAME, [ CONTEXT ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

RATE.USE( CLASS_NAME, [ CONTEXT ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

RATE.USE.NOQUEUE( CLASS_NAME, [ CONTEXT ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

RECENTCONNS.EXCLUDE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

RECENTCONNS.INCLUDE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

RECENTCONNS.MARKEDFORINCLUSION(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

REQUEST.AVOIDNODE( NODE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

REQUEST.ENDSAT( OFFSET ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

REQUEST.ENDSWITH( REGEX ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

REQUEST.GET( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

REQUEST.GETBANDWIDTHCLASS(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

REQUEST.GETDSCP(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

REQUEST.GETDESTIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

REQUEST.GETDESTPORT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

REQUEST.GETLENGTH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

REQUEST.GETLINE( [REGEX], [OFFSET] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

REQUEST.GETLOCALIP(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

REQUEST.GETLOCALPORT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

REQUEST.GETLOGENABLED() - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

REQUEST.GETMAXTRANSACTIONDURATION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

REQUEST.GETREMOTEIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

REQUEST.GETREMOTEPORT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

REQUEST.GETRETRIES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

REQUEST.GETTOS() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

REQUEST.ISRESENDABLE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

REQUEST.RETRY(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

REQUEST.SENDRESPONSE( DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

REQUEST.SET( REQUEST DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

REQUEST.SETBANDWIDTHCLASS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

REQUEST.SETDSCP( 6-BIT DSCP FIELD ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

REQUEST.SETIDEMPOTENT( RESEND ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

REQUEST.SETLOGENABLED( ENABLED ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

REQUEST.SETMAXCONNECTIONATTEMPTS( INT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

REQUEST.SETMAXREPLYTIME( SECONDS ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

REQUEST.SETMAXTIMEDOUTCONNECTIONATTEMPTS( INT ) . . . . . . . . . . . . . . . . . . . . . . . . . . 178

REQUEST.SETMAXTRANSACTIONDURATION( INT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

REQUEST.SETREMOTEIP( IPADDR ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

REQUEST.SETTOS( TYPE OF SERVICE ) - DEPRECATED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

REQUEST.SETVIRTUALSERVERTIMEOUT( SECONDS ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

REQUEST.SKIP( COUNT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

REQUESTLOG.EXCLUDE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

REQUESTLOG.INCLUDE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

REQUESTLOG.MARKEDFORINCLUSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

RESOURCE.EXISTS( FILENAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

RESOURCE.GET( FILENAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

RESOURCE.GETLINES( FILENAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

RESOURCE.GETMD5( FILENAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

RESOURCE.GETMTIME( FILENAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

RESPONSE.APPEND( RESPONSE DATA ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

RESPONSE.CLOSE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

RESPONSE.FLUSH( COUNT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

RESPONSE.GET( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

RESPONSE.GETBANDWIDTHCLASS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

RESPONSE.GETDSCP(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

RESPONSE.GETLENGTH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

RESPONSE.GETLINE( [REGEX], [OFFSET] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

RESPONSE.GETLOCALIP() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

RESPONSE.GETLOCALPORT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

RESPONSE.GETREMOTEIP(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

RESPONSE.GETREMOTEPORT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

RESPONSE.GETTOS() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

RESPONSE.SET( RESPONSE DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

RESPONSE.SETBANDWIDTHCLASS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

RESPONSE.SETDSCP( 6-BIT DSCP FIELD ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

RESPONSE.SETTOS( TYPE OF SERVICE ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

RTSP.ADDREQUESTHEADER( NAME, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

RTSP.ADDRESPONSEHEADER( NAME, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

RTSP.GETMETHOD() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

RTSP.GETPATH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

RTSP.GETRAWURL(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

RTSP.GETREQUEST() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

RTSP.GETREQUESTBODY( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

RTSP.GETREQUESTBODYLINES( COUNT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

RTSP.GETREQUESTHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

RTSP.GETREQUESTHEADERNAMES() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

RTSP.GETREQUESTHEADERS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

RTSP.GETRESPONSE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

RTSP.GETRESPONSEBODY( [COUNT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

RTSP.GETRESPONSEBODYLINES( COUNT ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

RTSP.GETRESPONSECODE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

RTSP.GETRESPONSEHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

RTSP.GETRESPONSEHEADERNAMES() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

RTSP.GETRESPONSEHEADERS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

RTSP.GETVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

RTSP.LISTREQUESTHEADERNAMES(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

RTSP.LISTRESPONSEHEADERNAMES(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

RTSP.REDIRECT( PATH ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

RTSP.REMOVEREQUESTHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

RTSP.REMOVERESPONSEHEADER( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

RTSP.REQUESTHEADEREXISTS( NAMES ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

RTSP.RESPONSEHEADEREXISTS( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

RTSP.SENDRESPONSE( CODE, BODY, HEADERS ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

RTSP.SETMETHOD( METHOD ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

RTSP.SETPATH( URL ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

RTSP.SETREQUESTBODY( BODY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

RTSP.SETREQUESTHEADER( NAME, VALUE ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

RTSP.SETRESPONSEBODY( BODY ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

RTSP.SETRESPONSECODE( CODE, [MESSAGE] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

RTSP.SETRESPONSEHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

RULE.GETNAME(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

RULE.GETSTATE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

SIP.ADDREQUESTHEADER( NAME, VALUE, AT_TOP ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

SIP.ADDRESPONSEHEADER( NAME, VALUE, AT_TOP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

SIP.GETMETHOD(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

SIP.GETREQUEST(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

SIP.GETREQUESTBODY() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

SIP.GETREQUESTBODYLINES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

SIP.GETREQUESTHEADER( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

SIP.GETREQUESTHEADERNAMES() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

SIP.GETREQUESTHEADERS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

SIP.GETREQUESTURI() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

SIP.GETRESPONSE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

SIP.GETRESPONSEBODY() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

SIP.GETRESPONSEBODYLINES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

SIP.GETRESPONSECODE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

SIP.GETRESPONSEHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

SIP.GETRESPONSEHEADERNAMES() - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

SIP.GETRESPONSEHEADERS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

SIP.GETVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

SIP.LISTREQUESTHEADERNAMES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

SIP.LISTRESPONSEHEADERNAMES() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

SIP.REDIRECT( CONTACT ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

SIP.REMOVEREQUESTHEADER( NAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

SIP.REMOVERESPONSEHEADER( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

SIP.REQUESTHEADEREXISTS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

SIP.RESPONSEHEADEREXISTS( NAME ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

SIP.SENDRESPONSE( CODE, REASON, [HEADERS], [BODY] ). . . . . . . . . . . . . . . . . . . . . . . . . . . 207

SIP.SETMETHOD( METHOD ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

SIP.SETREQUESTBODY( BODY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

SIP.SETREQUESTHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

SIP.SETREQUESTURI( URI ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

SIP.SETRESPONSEBODY( BODY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

SIP.SETRESPONSECODE( CODE, [MESSAGE] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

SIP.SETRESPONSEHEADER( NAME, VALUE ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

SLM.CONFORMING( [ CLASS NAME ] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

SLM.ISOK( [ CLASS_NAME ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

SLM.THRESHOLD( [ CLASS_NAME ] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

SSL.CLIENTCERT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

SSL.CLIENTCERTALGORITHM() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

SSL.CLIENTCERTCHAIN() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

SSL.CLIENTCERTCOMMONNAME(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

SSL.CLIENTCERTENDDATE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

SSL.CLIENTCERTHASH() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

SSL.CLIENTCERTISSUER() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

SSL.CLIENTCERTPUBLICKEY() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

SSL.CLIENTCERTSHA1() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

SSL.CLIENTCERTSERIAL() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

SSL.CLIENTCERTSERIALDEC() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

SSL.CLIENTCERTSTARTDATE(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

SSL.CLIENTCERTSTATUS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

SSL.CLIENTCERTSUBJECT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

SSL.CLIENTCERTVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

SSL.CLIENTCIPHER() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

SSL.CLIENTSUPPORTSSECURERENEGOTIATION(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

SSL.GETCLIENTCLOSEALERT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

SSL.GETSERVERCLOSEALERT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

SSL.GETTLSSERVERNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

SSL.ISSSL(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

SSL.REQUESTCERT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

SSL.REQUIRECERT(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

SSL.SERVERCERT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

SSL.SERVERCERTALGORITHM() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

SSL.SERVERCERTCOMMONNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

SSL.SERVERCERTENDDATE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

SSL.SERVERCERTHASH(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

SSL.SERVERCERTISSUER(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

SSL.SERVERCERTNAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

SSL.SERVERCERTPUBLICKEY(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

SSL.SERVERCERTSHA1() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

SSL.SERVERCERTSERIAL(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

SSL.SERVERCERTSTARTDATE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

SSL.SERVERCERTSUBJECT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

SSL.SERVERCERTVERSION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

SSL.SERVERSITENAME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

SSL.SETCLIENTCLOSEALERT( ALERTFLAG ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

SSL.SETSERVERCLOSEALERT( ALERTFLAG ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

SSL.SETTLSSERVERNAME( SERVERNAME ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

SSL.SSLKEYLOGLINE() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

SSL.SSLSESSIONID() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

STATS.GETQUEUETIME() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

STATS.GETSERVERRESPONSETIME(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

STATS.GETTRANSACTIONDURATION() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

SYS.GETRESTAPIPORT() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

SYS.ISFIPS() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

TCP.CLOSE( SOCK ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

TCP.CONNECT( IP, PORT, [TIMEOUT] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

TCP.READ( SOCKET, MAXIMUM, [TIMEOUT] ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

TCP.WRITE( SOCKET, DATA, [TIMEOUT] ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

UDP.SENDTO( HOST, PORT, DATA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

XML.VALIDATE( DOCUMENT, DTD ) - DEPRECATED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

XML.VALIDATE.DTD( DOCUMENT, DTD ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

XML.VALIDATE.XSD( DOCUMENT, SCHEMA ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

XML.XPATH.MATCHNODECOUNT( DOC, NSPACEMAP, QUERY ) . . . . . . . . . . . . . . . . . . . . . . . . 231

XML.XPATH.MATCHNODESET( DOC, NSPACEMAP, QUERY ) . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

XML.XSLT.TRANSFORM( DOCUMENT, STYLESHEET ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Preface

• Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

• Requesting Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Document conventions

The document conventions describe text formatting conventions, command syntax conventions, and

important notice formats used in Pulse Secure technical documentation.

Text formatting conventions

Text formatting conventions such as boldface, italic, or Courier font may be used in the flow of the text to

highlight specific words or phrases.

Command syntax conventions

Bold and italic text identify command syntax components. Delimiters and operators define groupings of

parameters and their logical relationships.

Format Description

bold text Identifies command names

Identifies keywords and operands

Identifies the names of user-manipulated GUI elements

Identifies text to enter at the GUI

italic text Identifies emphasis

Identifies variables

Identifies document titles

Courier Font Identifies command output

Identifies command syntax examples

Convention Description

bold text Identifies command names, keywords, and command options.

italic text Identifies a variable.

[ ] Syntax components displayed within square brackets are optional.

Default responses to system prompts are enclosed in square brackets.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Notes and Warnings

Note, Attention, and Caution statements might be used in this document.

Note: A Note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to

related information.

ATTENTION

An Attention statement indicates a stronger note, for example, to alert you when traffic might be interrupted or

the device might reboot.

CAUTION

A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to

hardware, firmware, software, or data.

Requesting Technical Support

Technical product support is available through the Pulse Secure Global Support Center (PSGSC). If you have a

support contract, file a ticket with PSGSC.

• Product warranties—For product warranty information, visit https://support.pulsesecure.net/product-

service-policies/

Self-Help Online Tools and Resources

For quick and easy problem resolution, Pulse Secure provides an online self-service portal called the Customer

Support Center (CSC) that provides you with the following features:

• Find CSC offerings: https://support.pulsesecure.net

• Search for known bugs: https://support.pulsesecure.net

• Find product documentation: https://www.pulsesecure.net/techpubs

• Download the latest versions of software and review release notes: https://support.pulsesecure.net

• Open a case online in the CSC Case Management tool: https://support.pulsesecure.net

{ x | y | z } A choice of required parameters is enclosed in curly brackets

separated by vertical bars. You must select one of the options.

x | y A vertical bar separates mutually exclusive elements.

< > Non-printing characters, for example, passwords, are enclosed in angle

brackets.

... Repeat the previous element, for example, member[member...].

\ Indicates a “soft” line break in command examples. If a backslash

separates two lines of a command input, enter the entire command at

the prompt without the backslash.

Convention Description

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:

https://support.pulsesecure.net

For important product notices, technical articles, and to ask advice:

• Search the Pulse Secure Knowledge Center for technical bulletins and security advisories: https://

kb.pulsesecure.net

• Ask questions and find solutions at the Pulse Community online forum: https://

community.pulsesecure.net

Opening a Case with PSGSC

You can open a case with PSGSC on the Web or by telephone.

• Use the Case Management tool in the PSGSC at https://support.pulsesecure.net.

• Call 1-844 751 7629 (Toll Free, US).

For international or direct-dial options in countries without toll-free numbers, see

https://support.pulsesecure.net/support/support-contacts/

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Introduction

This chapter introduces the TrafficScript rules language, and provides a brief overview of it’s usage. This

chapter includes the following sections:

• About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

• The TrafficScript Language. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

• Application of Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

• Using a TrafficScript Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

About This Guide

The Pulse Secure Virtual Traffic Manager: TrafficScript Guide describes the Pulse Secure Virtual Traffic Manager

(Traffic Manager) TrafficScript language.

This guide introduces you to the syntax and commands used in TrafficScript, and is intended as a complete

reference to all TrafficScript functions available in the Traffic Manager.

The TrafficScript Language

By using the TrafficScript language, you can write tailored traffic management rules to inspect, manage and

route requests and responses within your Traffic Manager deployment.

TrafficScript rules can manage connections in any TCP-based or UDP-based protocol. The Traffic Manager

executes designated rules whenever a new connection or network request is received, whenever it receives a

response from a back-end server node, or at the completion of a transaction. TrafficScript rules can inspect the

incoming and outgoing data in the connection, and other aspects such as the remote client address. They can

also connect to external TCP or HTTP services on demand.

The TrafficScript rules can then modify the request or response (for example, rewriting the URL or headers in

an HTTP request), set session persistence parameters, or decide how to route the request to the most

appropriate pool. This makes it possible to control precisely how traffic is managed, using rules designed to

meet to your specific hosting requirements.

This manual introduces the TrafficScript language, provides details of syntax and usage, and then includes a

full reference guide to the available function set for version 20.1.

TrafficScript rules are stored in the Rules Catalog and applied to your Virtual Servers.

Note: TrafficScript rules can use regular expressions. Before using regular expressions, read and understand

the security considerations in the “Administration System Security” chapter of the Pulse Secure Virtual Traffic

Manager: User’s Guide.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

FIGURE 1 Analyzing and managing traffic using TrafficScript rules

Use TrafficScript to perform any of these traffic management tasks:

• Inspect incoming or outgoing traffic and rewrite it fully or in part as desired.

• Restrict a Web site to a certain range of IP addresses.

• Apply selective management to elements such as Web spiders.

• Enable or disable functions for a given request or response (such as compression)

• Retry requests that generate errors a maximum number of times.

• Future-proof your services against any change in the back-end components of the system.

• Work around broken links and content on your Web site.

TrafficScript Examples

The following example TrafficScript rule can be used with HTTP requests. It handles the request as follows:

• Requests for “www.example.co.uk” are rewritten to “www.example.com”.

• Requests for .jsp pages are routed to a set of application servers (the pool named “JSPServers”).

• Requests for URLs beginning “/secure” are only allowed during office hours.

# Rewrite host header if necessary

if( http.getHeader( "Host" ) == "www.example.co.uk" ) {

http.setHeader( "Host", "www.example.com" );

}

$path = http.getPath();

# Give .jsp requests to the ‘JSPServers’ pool

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

if( string.endsWith( $path, ".jsp" ) ) {

pool.use( "JSPServers" );

}

# Deny access to /secure outside office hours

if( string.startsWith( $path, "/secure" ) ) {

if( sys.time.hour() < 9 || sys.time.hour() >= 18 ){

connection.discard();

}

The next example rule can be used with HTTP responses. It processes the response as follows:

• If the HTTP status code is 404 or 5xx, retry the request a maximum of 3 times.

• If the response contains references to www.example.co.uk, rewrite it by changing these references to

www.example.com.

$code = http.getResponseCode();

if( $code == 404 || $code >= 500 ) {

if( request.getRetries() < 3 ) {

# Avoid the current node when we retry,

# if possible

request.avoidNode( connection.getNode() );

request.retry();

} else {

http.sendResponse( "312 Redirect", "text/plain",

"", "Location: /" );

}

# We're only going to process text/html responses, so

# break out of the rule if the response is of a

# different type...

if( http.getResponseHeader(

"Content-Type" ) != "text/html" ) break;

$response = http.getResponseBody();

if( string.contains( $response,"www.example.co.uk" ) ) {

$response = string.regexsub( $response,

"www.example.co.uk", "www.example.com", "g" );

http.setResponseBody( $reponse );

}

Application of Rules

Rules are typically used by a virtual server to choose a pool to handle a request. The rule can inspect any part

of the request, possibly modify it, and decide which pool should handle the request.

Further uses of TrafficScript rules include:

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• You can use a rule to dictate session persistence information to a pool. After inspecting the request the

rule can use the connection.setPersistenceKey() function to provide a string to persist on. This

string is used by the “Universal” session persistence method to identify the session the request belongs

to.

• Rules can be used to check the response from the server and modify it, or even retry the request (if

possible) if a transient error was detected.

• If you use various back-end systems with different presentation styles or even different protocols, rules

can be used to integrate them into a single, coherent and consistent service. Incoming requests can be

rewritten into the format suitable for the required service, and responses can be rewritten into a single,

consistent form.

• For example, HTTP requests that involve a database lookup can be rewritten into SOAP request for a

Web Service; the XML response can then be transformed into a suitable HTML document to return

using HTTP.

• Rules can override the classes assigned to a connection by the Virtual Server or the Pool. This way, they

can specify custom behaviour for each connection. For example, connections to a slow resource can be

given a longer response time tolerance. Classes you can assign in this way include “Service Level

Monitoring”, “Session Persistence” and “Bandwidth Management”.

• Service Protection classes can use rules. If you have associated a Service Protection class with your

Virtual Server, it inspects the incoming packets. The class might use a rule to check the packet for a

match with known Web worms or viruses. This rule is executed before the main processing of the

Virtual Server is carried out.

Using a TrafficScript Rule

TrafficScript rules are stored in the Rules catalog. You can use the Rules catalog to create rules, upload them

from an external source, modify or duplicate them, and delete unused rules as required.

You can configure a Virtual Server to execute one or more rules from the catalog each time it receives a new

request or response, or at completion of a transaction. This way, several different Virtual Servers can use the

same rule, and modifications to the rule take effect on all Virtual Servers.

To use TrafficScript rules, first create a new rule or upload a previously created rule using the Rules catalog.

Then configure your Virtual Server to reference and use this rule.

To Create a Rule in the Catalog

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

1. Click Configure > Catalogs > Rules Catalog.

FIGURE 2 Creating a new rule

2. In the “Create New Rule” section, type a name for your rule.

3. Click Use TrafficScript Language.

4. To create the rule, click Create Rule.

5. On the TrafficScript editing page, type your rule content into the Rule text box. For longer rules, you

might want to consider writing the rule in a separate text editor before pasting it in. To view the online

function reference, click TrafficScript Help. To syntax check your rule, click Check Syntax.

6. Optionally add a free text description of the rule into the Notes text box.

7. To save your changes, click Update.

Note: Some TrafficScript functions are protocol specific (such as 'http.getHeader()') and can only be used when

handling associated connections. Some functions are only appropriate in a request rule or a response rule. For

example, a function that modifies a parameter of a response has no effect if used in a request rule (as the

response has not yet been received). For more details, refer to the documentation for each function in this

guide, or in the Online Help.

To Upload a Rule to the Catalog

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Note: Your rules should be in plain text, and the Traffic Manager uses the full filename (including extension) as

the rule name.The Traffic Manager performs a syntax check on the uploaded rule file. Warnings and errors are

displayed on the Rule catalog page, the Diagnose page, and in the Event Log.

1. Click Catalogs > Rules Catalog.

2. In the "Upload an existing rule" section, click Choose file to select a rule file from your local filesystem.

3. Choose whether to overwrite existing rules that have the same name as your filename.

4. Click Upload Rule.

To Configure a Virtual Server to Use a Rule

1. Click Configure > Virtual Servers and edit your selected Virtual Server.

2. To view and modify the request, response, and transaction completion rules associated with this Virtual

Server, click Rules.

FIGURE 3 Applying a rule to a virtual server

You can choose new rules to add to each rule type from the drop-down selection at the bottom of each

list.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

3. Rules are executed in a specified order. If the first rule does not make a final decision about a request

or response, the second rule is tested, and so on. To reorder the list, use the mouse pointer to drag the

rule bars up and down as desired.

4. To enable or disable individual rules in the list, use the controls provided. To remove a rule completely

from the list, click Remove. Note that removed rules are not deleted from the catalog, they are just

disassociated with your Virtual Server.

5. For non-http protocols, you can specify whether the rule should be executed just once (against the first

request or response), or against every request and response in the protocol dialogue.

Note: This option is not necessary for HTTP virtual servers because HTTP is a single request-response protocol,

and requests within a keepalive connection are processed independently.

You can test the effect of a new rule by enabling and disabling it for your test Virtual Server.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

TrafficScript Syntax

TrafficScript is the scripting language provided by the Traffic Manager. An administrator can create TrafficScript

rules to process requests, implementing suitable logic to ensure that requests are handled in the most

appropriate way. TrafficScript is similar to many other programming or scripting languages, such as C or Perl.

This chapter describes the syntax of the language.

This chapter contains the following sections:

• Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

• Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

• Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

• Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

• Conditionals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

• Loops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

• Other Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

• Complex Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

• Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

• Escaping Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

• Creating New Subroutines in TrafficScript. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

• Request and Response Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

• The State Machine in Detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Statements

A command in TrafficScript is called a statement. Each statement ends with a semicolon (;), and a TrafficScript

rule typically contains several statements.

http.setHeader( "Host", "secure.mysite.com" );

pool.use( "mypool" );

Any text between a hash (#) and the end of the line is called a comment and is ignored.

# Write a message to the event log file

log.info( "Starting to run rule now!" );

$body = http.getBody( ); # get the POST data

Constants

TrafficScript allows you to specify integer, boolean, floating point, and string values:

• Integers: sequences of digits, such as “23”; hex format (0xff) and octal format (\377) are also supported.

• Boolean: TrafficScript provides two boolean keyword constants, true and false, for use in

comparison expressions. These constants are synonymous with 1 and 0 respectively, and can be used

where an explicit truth test or return value is required.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• Floating point: decimal point (3.14) and scientific (5.6e-2) notations are both supported.

• Strings: strings are character sequences, enclosed by double (“) quotes or single (‘) quotes.

In double-quoted strings, special characters can be escaped using the standard backslash “\” notation

(for example, “\n” is a newline character), using octal notation (“\012” is also a newline) or using

hexadecimal notation (“\x0A” is a newline).

In single-quoted strings, no escaping is performed. For example, “\n” is not converted to the newline

character.

In both types of string, for improved readability, strings can be broken across lines using a single “\”

followed by a newline:

# The following two lines both create the string ‘Hello world’

$single = 'Hello \

world';

$double = "Hello \

world";

Although, in the case of a single quoted string, not specifying the “\” at the end of the line still causes

TrafficScript to insert a newline character.

Be aware of escaping rules when writing regular expressions in TrafficScript. For example, in a double-quoted

TrafficScript string, the character “\” automatically escapes the next character, so if you want a literal “\” in your

string, double-escape it using “\\”. For this reason, regular expressions are often written using single-quoted

strings.

Variables

Variables are used in TrafficScript to store values while the rule is executed.

A simple variable can store an integer, boolean, floating point, or string value. More complex data types, such

as arrays and hashes, can also be stored in a variable. The value is interpreted as the correct type depending

on its context.

Simple data type variables are immutable when passed into a function. In other words, it is a copy of the

variable argument that is modified. Complex types, however, are treated differently. They are passed by

reference into a TrafficScript function or user-defined subroutine (for more details, see “Creating New

Subroutines in TrafficScript” on page 28), and as such operations on the stored value have a rule-wide effect.

Variables exist for the duration of the execution of the rule. Values stored in variables are discarded when the

rule completes.

Variable names always start with the dollar ($) character, and the value of a variable is set by the assignment

operator “=”.

$path = http.GetPath();

$bytes = connection.getDataLen();

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$pi = 3.14157;

Expressions

Expressions in TrafficScript are created from combinations of literal values, variables, evaluated functions, and

operators. Expressions are evaluated when the rule is executed.

You can use expressions to:

• Construct complex strings from several different values.

• Create complex tests for “if” conditions or “while” loops.

• Perform mathematical calculations.

You can use an expression anywhere a literal value (or variable) is suitable. You normally see expressions:

• In assignment statements, assigning a value to a variable.

• In conditions – “if/else” statements and “while” loops.

• As function arguments.

For example:

$message = "The URL path is " . http.GetPath();

$four = 2 + 2;

# Sets $ratio to "75%" (for example)

$ratio = ( $a / ($a + $b) * 100 ) . "%";

$contentLength = http.getHeader( "Content-Length" );

if( $contentLength > 1024 * 1024 ) {

log.warn( "Large request body: ".$contentLength );

}

Operators

Expressions are constructed from operands (variables, literal values, and so on) and operators. Operators

perform calculations or tests on their operands.

Operands in an expression are automatically promoted to the appropriate type: string, integer, or float in

accordance with the typecasting rules described in “Type Casts in TrafficScript” on page 18.

The following sections provide details for the operator types you can use.

Mathematical

The operators “+”, “-”, “*” and “/” treat their operands as integers or doubles and add, subtract, multiply, or

divide them.

The prefix operator “-” promotes its operand to an integer or double and returns its negation.

4 + 7.5 * $a

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

-$b / $c – 1

The modulus operator “%” takes integer operands, and calculates the remainder after division.

7 % 3 # Returns 1

3 % 7 # Returns 3

String Concatenation

The operator “.” promotes its operands to strings and concatenates them.

"The message is " . $bytes . " bytes long."

( $a / ($a + $b ) * 100 ) . " percent"

The “.=” operator appends its second operand to the first:

$message = "The name is ";

$message .= "Bond, James Bond";

Comparison

The operators “==”, “!=”, “>”, “<“, “>=” and “<=” compare their operands and return true (1) or false (0). If both

arguments are strings, a string comparison is performed; otherwise the operands are promoted to integers or

floats and compared. For further information on typecasting promotion rules, see “Type Casts in TrafficScript”

on page 18.

1 > 3.14 # false

"99" > 100 # false (performs integer comparison)

"99" > "100" # true (performs string comparison)

$a == $b # are the values of $a and $b the same?

Boolean

The operators “&&” and “||” perform boolean “and” and “or” tests. The prefix operator “!” performs a Boolean

“not” test.

These operators treat their operands as either true or false, and return true (1) or false (0) accordingly:

• A non-zero number operand or non-empty string operand is true.

• A zero number operand or empty string operand is false.

"foo" && !0 # true

( 1 < 2 ) && ( 3 < 4 ) # true

$a || $b # true if $a or $b is true

Increment and Decrement

The following table shows the effect of increment and decrement operations:

Operation Description

$foo++ Increment $foo after it has been referenced

$foo-- Decrement $foo after it has been referenced

++$foo Increment $foo before it has been referenced

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Bitwise Operators

The operators “&” (bitwise-AND), “|” (bitwise-OR), and “^” (bitwise-XOR) perform bitwise operations on their

integer arguments. Strings and floats are typecast to integers using TrafficScript typecasting rules (see “Type

Casts in TrafficScript” on page 18).

0x1234 & 255 # 0x34

1 | 2 | 4 # 7

1 ^ 3 # 2

The prefix operator “~” (bitwise-NOT) performs a bitwise NOT on its integer argument.

~1 & 0xffff # 65534

The bitwise left-shift and right-shift operators (“<<“ and “>>”) perform left and right bit-shifts on their integer

argument.

1 << 2 # 4

2 >> 1 # 1

Assignment Operators

In addition to +=, -=, increment, and decrement operators, TrafficScript supports the following mathematical

and bitwise assignment operators:

$foo *= 5 # Product equals ($foo = $foo * 5)

$foo /= 2 # Quotient equals ($foo = $foo / 5)

$foo %= 2 # Modulo equals ($foo = $foo % 5)

$foo <<= 2 # Bit-shift left equals ($foo = $foo << 2)

$foo >>= 2 # Bit-shift right equals ($foo = $foo >> 2)

$foo &= 2 # Bitwise AND equals ($foo = $foo & 2)

$foo |= 2 # Bitwise OR equals ($foo = $foo | 2)

$foo ^= 2 # Bitwise XOR equals ($foo = $foo ^ 2)

Precedence

Complex expressions follow the standard rules of precedence. Parentheses “(“ and “)” can be used to group

sub-expressions.

--$foo Decrement $foo before it has been referenced

$foo += 5 Add 5 to the value of $foo ($foo = $foo + 5)

$foo -= 5 Subtract 5 from the value of $foo ($foo = $foo

- 5)

Operation Description

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Type Casts in TrafficScript

Variables in TrafficScript can contain data of various types: integer, floating point (double), string, boolean,

array, and hash. TrafficScript automatically casts (converts) values and variables into the correct type when you

evaluate an expression or call a function. See the following table for details:

Strings and doubles are rounded up or down to the nearest integer value when they are cast to integers.

$int = 10;

$double = 2.71828;

string.len( $int ); # casts to string, returns 2

string.len( $double ); # casts to string, returns 7

# Set $string to "10, 2.71828"

$string = $int . ", " . $double;

# Convert $string to a number, and add 4:

$r = $string + 4; # $r is 14

Conditionals

TrafficScript provides two primary conditional statement types, “If” and “Switch”.

Value Cast to

integer

Cast to

double

Cast to

string

Cast to

boolean

Cast to

array

Cast to

hash

14 (integer) 14 14.0 "14" true [ 14 ] [ ]

3.25 (double) 3 3.25 "3.25" true [ 3.25 ] [ ]

3.75 (double) 4 3.75 "3.75" true [ 3.75 ] [ ]

"abcde"(string

)

0 0.0 "abcde" true [ "abcde" ] [ ]

"3.25" (string) 3 3.25 "3.25" true [ "3.25" ] [ ]

"3.75" (string) 4 3.75 "3.75" true [ "3.75" ] [ ]

"14str" (string) 14 14.0 "14str" true [ "14str" ] [ ]

"3.2.7" (string) 3 3.2 "3.2.7" true [ "3.2.7" ] [ ]

0 (integer) 0 0.0 "0" false [ 0 ] [ ]

"0" (string) 0 0.0 "0" false [ "0" ] [ ]

"" (string) 0 0.0 "" false [ "" ] [ ]

[ ] (array) Err Err Err false [ ] [ ]

[ "0" ] (array) Err Err Err true [ "0" ] [ ]

[ "A" => 1 ]

(hash)

Err Err Err true [[ "A" => 1 ]] [ "A" => 1 ]

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

The “If” Statement

TrafficScript provides “if” and “if/else” statements for conditional execution. The condition is an expression,

which is evaluated.

The return value of the expression determines whether the condition is “true” or “false”:

• A non-zero number or non-empty string is true.

• A zero number or empty string is false.

if( <condition> ) {

}

if( <condition> ) {

} else {

}

TrafficScript evaluates the given condition. If it is true (the value is non-zero, or is a non-empty string),

TrafficScript executes the statement list that follows. In the case of an “If/Else” statement, and the condition

evaluates to false, TrafficScript instead executes the second statement list following “else”.

For example:

$path = http.getPath();

if( string.startsWith( $path, "/secure" ) ) {

pool.use( "secure pool" );

} else {

pool.use( "non-secure pool" );

}

The "switch" Statement

TrafficScript provides a "switch" statement for cases where one if-else expression can evaluate to a number of

different values, each requiring the Traffic Manager to take a different action. For example, a Traffic Manager

might serve several different domains, each with its own back-end. By checking the host value of the HTTP

header, you can use the switch statement to select the correct back-end using a number of cases.

The syntax for the switch statement is:

switch( <expression>[, <function name>] ) {

case <expression list 1>:

<statement list 1>;

case <expression list 2>:

<statement list 2>;

case <expression list 3>:

<statement list 3>;

...

[default:

<statement list>;]

}

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

By default, the Traffic Manager executes the first case containing an expression that evaluates to be equal

("==") to the switch <expression>.

You can specify an alternative comparison function using the optional <function name> argument. This

argument accepts the name of a user defined or built in function, declared without any brackets or arguments.

It must accept two arguments, with the switch expression being the first argument and the current case

expression being the second. If this function returns a value that evaluates to true, the Traffic Manager

executes the corresponding case statement list. For example, to perform matches on regular expressions, set

<function name> to the TrafficScript function "string.regexmatch".

For each case statement, you can specify either a single expression or a comma-separated list of multiple

expressions to be used in the comparison. A case is executed if the evaluation function returns true for any of

the case's expressions. In this context, the commas in the expression list act as the "or" logical operator.

The optional default statement must only be used as the last case and is always executed if reached.

A typical usage example:

$host = http.getHostHeader();

switch( $host ) {

case "secure.example.com", "ssl.example.com":

pool.use( "secure pool" );

case "www.example.com", "www.example.org", "www.example.net":

pool.use( "non-secure pool" );

default:

pool.use( "discard" );

}

An example using a custom evaluation function:

$host = http.getHostHeader();

switch( $host, string.startsWith ) {

case "secure", "ssl":

pool.use( "secure pool" );

case "www":

pool.use( "non-secure pool );

default:

pool.use( "discard" );

}

A switch statement is additionally affected by the following:

• You can use the break statement to break out of a switch statement entirely and continue execution

after the switch. This has no effect on surrounding loops.

• TrafficScript does not provide an implicit fall-through. In other words, a break at the end of a case body

is redundant.

• You can use any variable type within a switch.

• A switch has no return value.

• The Traffic Manager evaluates <expression> only once and stores the result for case comparison. If

<expression> is a function, it is therefore executed only once.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Loops

A body of code can be executed a number of times using a loop. TrafficScript supports “for”, “while”, “do”, and

“foreach” loops.

“for” Loops

A “for” loop contains an initialization step, a test and an increment step, bracketing the body of code to be

executed on each iteration:

for( <initialization> ; <condition> ; <increment> ) {

}

For example:

for( $count = 0; $count < 10; $count++ ) {

log.info( "In loop, count = " . $count );

}

This loop will print the message 10 times, with $count running from 0 to 9.

‘while’ Loops

The “while” loop evaluates a condition, and while the condition is true, it executes the enclosed block of code:

while( <condition> ) {

}

For example:

$count = 0;

while( $count < 10 ) {

log.info( "In loop, count = " . $count );

$count = $count + 1;

}

This loop will print the message 10 times, with $count running from 0 to 9.

“do” Loops

The “do” loop executes the enclosed block of code, then checks the condition. It repeats the code while the

condition evaluates to true:

do {

} while( <condition> );

For example:

$count = 0;

do {

log.info( "In loop, count = " . $count );

$count = $count + 1;

} while( $count < 10 );

This loop will print the message 10 times, with $count running from 0 to 9.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

TrafficScript contains a number of helper functions to manipulate complex data, such as HTTP requests or

long strings. Consequently, it is rarely necessary to use loops in TrafficScript.

“foreach” Loops

Typically used with arrays and hashes, a “foreach” loop executes the bracketed body of code with each element

of the supplied array in turn. The variable to the left of the “in” operator is initialized with the next array

element prior to executing the code block.

foreach ( <element> in <array> ) {

}

For example:

$array = [ "Alex", "Matt", "Oliver", "Laurence" ];

$i = 0;

foreach ( $element in $array ) {

log.info( "Element #" . $i . " " . $element );

$i++;

}

For an example of a foreach loop with a hash, see “Hashes” on page 23.

Other Flow Control

The “break” and “continue” statements can be used to restart or exit loop or rules processing.

Inside a while loop, “break” causes execution of the loop to stop. Execution then continues to the statement

after the loop. “continue” causes the loop code to restart.

Inside a rule (outside any containing loops), “break” causes execution of the rule to stop. Execution then

proceeds to the next TrafficScript rule. “continue” causes the rule to be restarted from the beginning.

For example:

# We're only interested in processing HTTP text/html

# responses...

$mime = http.getResponseHeader( "Content-Type" );

if( !string.startsWith( $mime, "text/html" )) break;

# proceed with processing for text/html...

Complex Data Types

Arrays

An array in TrafficScript is a structured variable that stores a list of values. For example, you can define a list of

names using the following code:

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$array = [ “Alex”, “Matt”, “Oliver”, “Laurence” ];

The values in this array can then be looked up:

$someone = $array[0];

log.info($someone);

This instructs the Traffic Manager to print the string “Alex” to the event log. TrafficScript has functions that make

it easy to work with array structures. For example, to print all of the names stored in $array using a “for” loop,

first determine the number of elements that $array stores. TrafficScript provides the function array.length() for

this purpose. For example:

$array = [ "Alex", "Matt", "Oliver", "Laurence" ];

$arraylen = array.length($array);

log.info("My array has " . $arraylen . " elements.\n");

for ( $i = 0; $i < $arraylen; $i++ ){

log.info ( "Element #" . $i . " " . $array[$i]);

}

When applied as a rule, this code causes the following output in the event log.

FIGURE 4 Example event log messages

Alternatively, you can bypass the requirement to know the array length by using a “foreach” loop. The code

below produces output similar to the previous example:

$array = [ "Alex", "Matt", "Oliver", "Laurence" ];

$i = 0;

log.info ("My array has " . array.length($array) . " elements.\n");

foreach ( $element in $array ) {

log.info( "Element #" . $i . " " . $element );

$i++;

}

For further information on array-specific functions, refer to the TrafficScript Reference in the Traffic Manager

Online Help.

Hashes

A hash in TrafficScript is similar to an array, but instead of storing a list of values it stores a list of key/value

pairs. Hashes are sometimes referred to as associative arrays. You can define a hash using the following code:

$hash = [ "orange" => "fruit",

"apple" => "fruit",

"cabbage" => "vegetable",

"pear" => "fruit" ];

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

To print all of the keys and values stored in the hash, first get a list of keys in the form of an array - using the

function hash.keys() - that you can then use in a foreach loop to print all of the values. For example:

foreach ( $key in hash.keys($hash)){

log.info("Key: " . $key . "; Value: " . $hash[$key] . ";");

}

Combining the above two samples of code results in the following output in the event log:

FIGURE 5 Example event log messages

The Global Associative Array

This is the first of three persistent associative arrays that TrafficScript can access.

Access the global array using the data.set() and data.get() functions. Data set in this array is persistent,

and can be read from a later script. This array is of fixed size (the size is defined by the Traffic Manager global

setting trafficscript!data_size). When it fills up, you cannot add further entries without first removing existing

entries.

Maintaining the Array

As mentioned, use data.set() and data.get() to add and lookup array items. To delete individual

elements, use data.remove().

To determine the amount of memory in use by the global array, use the function data.getMemoryUsage().

To delete all entries in the array, use data.reset(). You can delete a subset of the entries using

data.reset( "prefix" ).

If you want to store several different types of data globally, use a consistent prefix to start the name of each

key. Then, if you need to free memory, you can identify and delete all of the data that is stored for one

particular purpose (for example, a global cache that grows continually, but can safely be deleted and

reconstructed if necessary).

Example: An Indexed Array

You can use the global associative array to create an indexed array named “myarray” as follows:

# Declare a subroutine to calculate factorials

sub factorial( $n ) {

if( $n == 0 ) return 1;

return $n*factorial( $n-1 );

}

# Put entries into the array

$c = 0;

while( $c <= 10 ) {

$msg = "Did you know that ". $c ."! is ". factorial( $c ) ."?" ;

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

data.set( "myarray".$c, $msg );

$c++;

}

# Look up several entries. Note: the 1000th entry is empty

$msg = "";

$msg .= "Index 5: ".data.get( "myarray5" )."\n";

$msg .= "Index 10: ".data.get( "myarray10" )."\n";

$msg .= "Index 1000: ".data.get( "myarray1000" )."\n";

# delete the entire array (but no other data stored by data.set)

data.reset( "myarray" );

http.sendResponse( "200 OK", "text/plain", $msg, "" );

The Process-Local Associative Array

This is the second of three persistent associative arrays that TrafficScript can access.

When data has to be persistent to the whole system, but not globally unique, the process-local associative

array provides the best balance between flexibility and performance. Entries in the global array (using the

TrafficScript commands data.set() and data.get()), are unique across the whole system. This means that

on a Symmetric Multiprocessing (SMP) system, when a process inserts a new array entry, it has to prevent all

the other processes from accessing that same entry at the same time. The Traffic Manager achieves this with

locks that hold the other processes back until the first process has finished. As such, if entry insertions and

updates are happening very frequently, the system can spend a lot of time waiting to access the global array.

To alleviate this, the Traffic Manager provides the process-local array; accessed using data.local.*. Entries

in the process-local array can be read from any TrafficScript context that takes place in the same process as

the one that added them, across requests and connections. Essentially, the process-local array trades memory

for performance: access and manipulation is instant, no locks are involved, but data is present once per

process instead of just once across the system. In most cases this trade-off is acceptable, and in some cases,

especially where the application logic requires the use of the data.reset() function, the performance

benefits of using the process-local array are substantial.

The Connection-Local Array

This is the third of three persistent associative arrays that TrafficScript can access.

When processing a connection, it is sometimes useful to store information calculated in one rule for retrieval in

a later rule. You can do this using a connection-local associative array, using the connection.data.set()

and connection.data.get() functions.

Information stored in this way can only be retrieved by a TrafficScript rule that is processing the same

connection, and all information is destroyed (and the memory freed) when the connection completes.

Libraries

TrafficScript rules that contain subroutines can be used as libraries. Take the following rule for example:

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

sub headbug(){

# Prints each header to the event log.

$headers = http.listHeaderNames();

foreach ($header in $headers){

log.info( $header . ": " . http.getheader($header));

}

The http.listHeaderNames() function returns an array of header names that were sent in the HTTP

request.

To make this routine available as a library, save it as a separate rule and use the import statement to use it in

your other rules. For example, by saving the above routine as a rule named “foo”, you can then import and use

the headbug() subroutine using the following code:

import foo;

foo.headbug();

You can alternatively employ a locally declared alias for the imported library, such as:

import foo as mylib;

mylib.headbug();

This provides a means to reference an imported library with a more suitable, or perhaps shorter, local name.

Functionally, there is no difference between this mechanism and the directly named example.

Applying this rule to a Virtual Server causes the names and values for each header of each request that the

Virtual Server processes to be logged to the event log. You can modify the first rule (or library) so that it creates

a hash of each of the headers using the following example:

sub headbug(){

# Prints each header to the event log.

$headers = http.listHeaderNames();

foreach ($header in $headers){

$headhash = [ $header => http.getheader($header) ];

log.info( $header . ": " . $headhash[ $header ] );

}

Although this library performs the same function, it does so slightly differently in that it creates a data structure

that can be used later. To be able to use this structure later, however, you must extract it from the subroutine.

To achieve this, alter the headbug() subroutine to return the $headhash data structure, then modify the

calling code:

# foo (library rule)

sub headbug(){

# Prints each header to the event log.

$headers = http.listHeaderNames();

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$headhash = [];

foreach ($header in $headers){

$headhash[ $header ] = http.getheader($header);

#log.info( $header . ": " . $headhash[ $header ] );

}

return($headhash);

}

# bar (calling rule)

import foo;

$headhash = foo.headbug();

foreach ($header in hash.keys($headhash)){

log.info( $header . ": " . $headhash[ $header ]);

}

Functions

A function performs an action, and returns a value. Functions are used to provide useful capabilities to

TrafficScript.

TrafficScript contains a large number of functions to manipulate data or manage the current request. For ease

of use, TrafficScript functions are grouped into families. For example, functions that operate on HTTP requests

all begin with “http.”, such as http.getHeader() or http.setBody().

To call a function, use its name followed by a pair of parentheses “()”. Many functions take one or more values

as parameters, and these are listed inside the parentheses.

connection.discard();

http.setHeader( "Cookie: type=chocolate" );

$hello = string.append( "Hello", " ", "world", "!" );

Function names are not case sensitive. So, the function lang.todouble() can be invoked using

lang.toDouble(), Lang.ToDouble() or lang.todouble().

For a description of all TrafficScript functions applicable to this product version, see “Function Reference” on

page 47

Escaping Regular Expressions

Several TrafficScript functions take regular expressions as arguments. TrafficScript uses the PCRE regular

expression library.

Regular expressions might contain a number of special characters:

• . matches any single character.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• ? indicates that the previous expression is optional.

• * matches any number of the previous expression.

• ^ matches the beginning of a string.

• $ matches the end of a string.

If you want to match a literal period (.), or other special character in your regular expression, escape it with a

backslash (\) character.

Like many other scripting languages, double-quoted TrafficScript strings use “\” as an escape character, so to

place a regular expression like “^192\.168\.” into a TrafficScript double-quoted string, you must double-escape

the “\” character:

# Sets the regex string as ^192\.168\.

# The two examples below have the same effect

$regex = "^192\\.168\\.";

$regex = '^192\.168\.';

if ( string.regexMatch( $ip, $regex ) ) {

# IP is on 192.168.* network

}

Note that it’s not often necessary to use regular expressions in TrafficScript for the following reasons:

• To search strings, you can use string.IPMaskMatch(), string.Contains(),

string.startsWith() and string.endsWith().

• To search and replace within strings, you can use string.replace() and string.replaceAll().

Creating New Subroutines in TrafficScript

You can create new TrafficScript subroutines to improve the efficiency of your software. Once created, these

routines can be used in rules or procedures just like the predefined functions.

Syntax

The syntax to create a new subroutine is:

sub function_name ($var1, $var2)

{

<code>

return "return value"

}

Subroutines can be called just as you would call any normal function:

$ret = function_name( $foo, $var );

This example would return the value given by the subroutine into the variable $ret.

Subroutine Position and Name Restrictions

User subroutine names cannot be the same as built-in TrafficScript functions.

Subroutines can be declared above or below where they are used. For example, the following code is correct:

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

test();

sub test()

{

log.info("Attention! Test running");

}

Local Variables

Variables within subroutines are local to that section and do not affect the result when used outside of the

subroutine.

For example, the following lines of code print out an empty string, as $var is not available (passed in as an

argument) within the subroutine:

$var = "abc";

sub function()

{

log.info($var);

}

function();

$1 to $9 Variables

TrafficScript uses $1 to $9 as global variables, so they can be used to return extra data from subroutines in

addition to the (optional) return statement that returns a single value.

For example, the following code prints "Hello World":

sub greetings()

{

$1="Hello ";

return "World"

}

$ret = greetings();log.info($1 . $ret)

Request and Response Rules

TrafficScript rules are assigned to a Virtual Server. The Traffic Manager allows a rule to be used as a “request

rule”, a “response rule”, or a “transaction completion rule”:

• Request rules are executed when the first request data is received from a client. A request rule can

read further data if the client's request is not complete. When the request rules assigned to a virtual

Server have finished executing, a connection to a back-end server is made and the request data is

streamed to the server.

• Response rules are executed when the first data in the response is read from the back-end server. A

response rule can then read further data from the server, and can flush the current data to the client.

When the response rules assigned to a Virtual Server have finished executing, the remaining data is

streamed to the client.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• Transaction completion rules are applied at the end of the transaction when, for example, the client or

server closes the connection, or when the connection times out. In the case of HTTP, RTSP and SIP

Virtual Servers, transactions are also considered complete when a full response has been sent to the

client, even if the connection is kept alive to handle another request.

Processing Multiple Requests and Responses

If the client sends another request down the same network connection, the Traffic Manager can be configured

to run the request and response rules again against this new request. To configure this behavior, use the “run

once/run every time” setting for each rule in the Virtual Server configuration. Use request.endsAt() and

request.endsWith() to parse persistent connections that contain multiple requests and responses.

Note: The run once/run every time option is not relevant for HTTP connections. Even though a client might send

several HTTP requests down the same persistent connection, they are automatically separated into single

connections internally.

Note: If you are parsing persistent connections on which the client and server can send data at any point in time

in any order, use the “Generic Streaming” Virtual Server type along with request.get() and

response.get().

Specialized Protocol Handling Functions

Processing HTTP

The Traffic Manager is fully conversant in the HTTP protocol. On a new HTTP connection, request rules are not

started until all the HTTP headers have been received. Specialized TrafficScript functions (such as

http.getPath() and http.setHeader()) are available to parse and manipulate the request.

When an HTTP response is received from a back-end server, it does not execute the response rules until it has

received all the HTTP headers in the response. Again, specialized TrafficScript functions (such as

http.setResponseHeader() and http.setResponseCookie()) are available to manipulate the

response.

Note: You cannot use the lower-level connection, request, and response functions such as

request.getLine() or response.set() to modify an HTTP request. Use the equivalent specialized HTTP

functions instead.

Although multiple HTTP requests can be submitted down a single TCP connection (using keepalives and

pipelining), the Traffic Manager transparently separates these requests and handles each individually. For this

reason, the option to run rules once or every time is not relevant to HTTP requests.

HTTPS traffic decrypted by the Traffic Manager is handled in exactly the same way. The HTTP payload requests

can be inspected and manipulated just as if they were sent in plain text.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Other Specialized Protocols

TrafficScript offers high-level functions for several other protocols, including SIP and RTSP. Always use the high-

level functions to read and write request data where possible, rather than lower level functions such as

request.get() or response.set().

Processing Other Protocols

The Traffic Manager can handle other protocols (TCP and UDP based) using request.get(),

request.set(), response.get(), response.set(), and related functions to read requests.

Note: UDP is a connectionless protocol. To set a UDP response, use the TrafficScript function

connection.close( $data, 0 );.

The State Machine in Detail

FIGURE 6 Processing rules in TrafficScript

Controlling the State Machine

The following TrafficScript functions can be used to control the state machine when processing requests and

responses:

Function Notes

pool.use()

When used in a request rule, aborts all rules processing and specify

the pool to give the request to.

request.sendResponse

()

http.sendResponse()

When used in a request rule, specifies the response to send to the

client. The current request is discarded and no data is sent to any back-

end servers.

When the request rules finish, the response rules are run on the

provided response.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

response.close()

In a response rule, close the connection to the server.

When the response rules complete, pending response data is sent to

the client and the Traffic Manager then waits for a new request from

the client.

request.endsAt()

request.endsWith()

In a request rule, use these functions to extract individual requests

from the incoming data stream and process them synchronously in a

request-response manner.

For some protocols, a client might send several requests in one go.

These functions can be used to process the requests one-by-one.

request.retry()

In a response rule, retry the request if possible.

All request data that was read before and during a request rule is

cached. A request can be retried if all the request data was read and

cached; it can't be retried if data was subsequently streamed between

the client and the server before a response was received.

response.flush()

In a response rule, flush the current response data. Use

response.get() or response.getLine() to read further

response data.

This function can be used to manually stream data from the server to

the client, ensuring that the response rule does not complete until the

response has completed.

connection.close()

connection.discard()

These functions can be used to abort a connection, optionally

providing a response. The abort is immediate - no further rules are run

at either the request or response stage.

Function Notes

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Sample TrafficScript Rules

This chapter contains the following sections:

• Routing by Content Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

• Restricting Access Based on the Time of Day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

• Customer Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

• Routing Based on XML Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

• Authenticating User Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

• Synchronizing Requests and Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

• Streaming HTTP Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

• Managing FTP Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Routing by Content Type

This example inspects the URL in an HTTP request. It decides which pool to send the request to, based on the

value of the URL.

Suppose your Web site uses a number of different technologies, including Microsoft ASP pages and Oracle JSP

as well as static HTML content. Microsoft Windows based devices serve the ASP pages, Oracle servers handle

JSP, and a set of commodity Linux servers serve the static content. You want to direct your traffic to different

servers depending on the specific content.

Set up a pool for each of these groups called “windows”, “oracle” and “linux” respectively. The following rule

directs network traffic according to the type of content.

$path = http.getPath();

if( string.endsWith( $path, ".jsp" )) {

pool.use( "oracle" );

} else if( string.endsWith( $path, ".asp" )) {

pool.use( "windows" );

} else {

pool.use( "linux" );

}

Restricting Access Based on the Time of Day

This example only allows access to a particular service during designated office hours (between 9am and 6pm,

Monday to Friday). It discards all connections that occur outside these times.

$dayofweek = sys.time.weekDay();

$hourofday = sys.time.hour();

# $dayofweek: Sunday is 1, Saturday is 7

# $hourofday: office hours are between 9am and 5:59pm

if( $dayofweek == 1 ||

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$dayofweek == 7 ||

$hourofday < 9 ||

$hourofday >= 18 ) {

log.warn( "Warning: access out of hours!" );

connection.discard();

}

In practice, it may be more appropriate to direct restricted traffic to a separate error pool of servers rather than

just dropping the connection without warning. The servers in the error pool can be configured to return an

appropriate error message before closing the connection. The procedure for doing this depends on the

protocol being balanced.

Customer Prioritization

This example inspects the cookie in an HTTP request. It uses the value of the cookie to determine which pool

to direct the request to. One pool is faster than the other because it contains machines that are reserved for

premium users.

A company has a customer base divided into gold and silver membership. It wishes to give priority to the gold

customers and has five servers: yellow, green, blue, black, and purple.

Two pools are created: standard, for silver customers, containing machines yellow, green and blue; and

premium, for gold customers, which includes all five of the servers. Thus black and purple are only available to

gold customers.

FIGURE 7 Customer prioritization scheme inserting cookies using TrafficScript

The site uses a cookie login system, with the customer type encoded in the cookie. Different membership

levels can be detected, and sent to the correct pool:

$cookie = http.getHeader( "cookie" );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

if( string.contains( $cookie, "gold" )) {

pool.use( "premium" );

} else {

pool.use( "standard" );

}

Routing Based on XML Traffic

TrafficScript includes support for parsing XML documents using XPath, an industry-standard language used to

query XML documents.

XML documents are used by SOAP-based protocols such as Web Services, and enable complex data to be

exchanged and understood automatically without user intervention.

An XML document is organized into a tree structure of nodes

. Each node might contain a piece of data, or

other nodes. XPath can navigate through these nodes to extract specific data from the XML document. This

data can then be used to make routing decisions on the traffic.

The XPath 1.0 specification is available at http://www.w3.org/TR/xpath.

Example: Google Search Request

The Google™ search engine has a Web Services interface that accepts SOAP requests for search queries. A

request for a search for Pulse Secure consists of an HTTP POST containing the following XML body data:

<?xml version="1.0" encoding="UTF-8"?>

<SOAP-ENV:Envelope

xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"

SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema">

<SOAP-ENV:Body>

<namesp1:doGoogleSearch xmlns:namesp1="urn:GoogleSearch">

<key xsi:type="xsd:string">googleUniqueID</key>

<q xsi:type="xsd:string">Pulse Secure</q>

<filter xsi:type="xsd:boolean">false</filter>

<safeSearch xsi:type="xsd:boolean">false</safeSearch>

<ie xsi:type="xsd:string">latin1</ie>

<oe xsi:type="xsd:string">latin1</oe>

</namesp1:doGoogleSearch>

</SOAP-ENV:Body>

</SOAP-ENV:Envelope>

Note that the SOAP body contains a “doGoogleSearch” node. This contains the parameters of the search

request.

1. Note that these are unrelated to Traffic Manager back-end nodes.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

An Internet service might implement or proxy doGoogleSearch requests and the Traffic Manager might be

used to manage the traffic to this service.

For example, it might be necessary to split doGoogleSearch requests according to the specified maximum

number of results. If “maxResults” is greater than 100, the request is to be sent to pool “googleLarge”,

otherwise it should be sent to pool “google”.

A TrafficScript rule can use the functions xml.XPath.MatchNodeSet() and

xml.XPath.MatchNodeCount() to query the SOAP request body and test XML nodes:

# Read the entire body of the SOAP/HTTP request

$body = http.getBody( 0 );

# XML parameters lie in the "urn:GoogleSearch" XML

# namespace:

$googlens = "xmlns:googlens=\"urn:GoogleSearch\"";

# Test for the presence of a "doGoogleSearch" node.

# If present, get the value of the "maxResults"

# parameter and choose the pool

if( xml.XPath.MatchNodeCount( $body, $googlens,

"//googlens:doGoogleSearch" ) ) {

$maxResults = xml.XPath.MatchNodeSet( $body, $googlens,

"//googlens:doGoogleSearch/maxResults/text()" );

if( $maxResults >= 100 ) {

pool.use( "googleLarge" );

} else {

pool.use( "google" );

}

Authenticating User Access

The following rule uses HTTP Basic authentication to ask the remote client for a user name and password. It

checks the client’s user name, password, and IP address using a local Web server running an authentication

application.

The rule looks for a header called “Authorization”. This should contain a string containing the word Basic,

followed by a base-64 encoded string. When decoded, this string is of the form username:password.

If the string is malformed or the user name or password is absent, the rule returns a “401 Authorization

Required” message to the client. This causes the user’s Web browser to prompt them for a user name and

password.

If a user name and password have been supplied, the rule uses these details, together with the DNS name of

the client, to query the local Web server using http.request.get(). The rule expects a “200 OK” response

from the Web server to indicate success. Any response code other than 200 results in the rule sending the

user the response “403 Forbidden”.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Note that if the user is successfully authenticated, the rule performs no positive action with the request. It is

passed on to any other rules the Virtual Server is using, or its default pool.

# Determine the username and password, and send a

# '401 Authorization Required' header if there isn't

# one.

$authheader = http.getHeader( "Authorization" );

# Decode the Authorization header; it starts with

# 'Basic', followed by a base64 encoded

# username:password string

if( string.startsWith( $authheader, "Basic " ) ) {

$encuserpasswd = string.skip( $authheader, 6 );

$userpasswd = string.base64decode($encuserpasswd);

$i = string.find( $userpasswd, ":" );

$user = string.substring( $userpasswd, 0, $i-1 );

$password = string.skip( $userpasswd, $i+1 );

}

# If the client did not provide an Authorization

# header, indicate that authorization is required

if( $user == "" ) {

http.sendResponse( "401 Authorization required",

"text/html", "Please login\n",

"WWW-Authenticate: Basic realm=\"secure

server\"" );

}

# Check the supplied username and password by

# querying a local access server with the username,

# password and remote host.

$rhost = net.dns.resolveIP(connection.getRemoteIP());

$querystring = "user=" . string.escape( $user ) .

"&passwd=" . string.escape( $password ) .

"&rhost=" . string.escape( $rhost );

http.request.get(

"http://server/auth.cgi?" . $querystring );

if( $1 != 200 ) {

# access was denied

http.sendResponse( "403 Forbidden",

"text/html", "Access denied\n", "" );

}

# The user is allowed access

This rule could be optimized to cache responses from the local Web server, using data.set() and

data.get().

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Synchronizing Requests and Responses

This example assumes that we are managing a simple line-based protocol. Each request is one line long,

delimited by a new-line character (\n). Each response might be very long, but is finished by a single line

containing a dot (".\n").

This protocol is similar to many simple line-based protocols like POP, IMAP or SMTP, although they each have

more sophisticated ways if indicating when a response has finished. The protocol is persistent - there might be

many requests and responses within a single connection.

You can use a simple client-first or server-first Virtual Server to manage this protocol.

You might want to intercept a particular request and return a response directly from the Traffic Manager

without forwarding the request to the back-end server, but it might be desirable to keep the connection open

and forward other requests to the server. This example permits all requests other than "HACKME\n", for which

"403 Go Away!\n.\n" is returned

A first attempt might be as follows:

# get the request

$req = request.getLine();

if( $req == "HACKME\n" ) {

request.sendResponse( "403 Go away!\n.\n" );

}

This simple filter has great potential for being subverted. A determined hacker could:

• Try sending the requests byte-by-byte to fool any parsing code (this would not work in this case).

• Try sending two requests in one packet - the first is valid, the second is “HACKME”. The above filtering

code lets the entire packet through.

• Send one request and a partial "HACK" in one packet, then send "ME\n" in a second packet when the

attacker receives the response from the first request. Our sample filter does not recognize the

fragmented "HACKME" request.

To avoid these potential errors, it is necessary to synchronize individual requests, processing each request in

turn and buffering up any additional data for the next request:

# get the request

$req = request.endsWith( "\n" );

if( $req == "HACKME\n" ) {

request.sendResponse( "403 Go away!\n.\n" );

}

Using request.endsWith() causes data to be read up to, and including, the “\n”. This data alone is then

processed, going through the request and response stage of the state machine. When a response has been

received from the server, the next request starts processing, which might contain data that was postponed

from the previous request.

This simply and effectively guards against attempts to subvert the parser by sending two requests in one, or by

sending partial requests.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

This solution has an unfortunate side effect. If a user sends two requests in quick succession, and the first

request causes the server to send a large response, with the second request being the “HACKME” message that

causes the Traffic Manager to send a response itself.

If the “HACKME“ request is received while the server is still responding to the previous request, the Traffic

Manager’s direct response might be interleaved with the server's response, resulting in a corrupt data stream

back to the client.

The solution is to synchronize responses in the data stream, so that processing of the next request is delayed

until the previous request has completed. This can be achieved with a simple response rule:

$res = response.getLine();

while( $res != ".\n" ) {

response.flush( string.len( $res ) );

$res = response.getLine();

}

The response rule does not complete until a line containing ".\n" is received. When it completes, all remaining

response data is flushed to the client and the next request is processed.

Streaming HTTP Responses

The low-level function response.flush() should not be used to manage HTTP responses. Pulse Secure

recommends using the http.stream.* functions instead.

If you wish to generate or modify an HTTP response, the simplest way to do so is to read the response in its

entirety (using http.getResponseBody()), manipulate it, and then write it using

http.setResponseBody(). However, this can be inefficient when managing large HTTP responses for the

following reasons:

• Data is not written to the client until the response rule completes. If it takes time to read the entire

response and manipulate it, this can potentially cause the client to timeout and close the connection.

• The entire response needs to be managed in memory, which can be very memory-inefficient. The

memory is not discarded until the rule has completed and the data is written to the client.

As an alternative, you can stream HTTP responses, reading and writing them in smaller quantities. Response

data is written as soon as it is available, ensuring lower memory use and better performance.

The following functions manage HTTP streaming:

Function Notes

http.stream.startResponse(

)

This function should be called before any data is written to the

client. The headers for the response as assembled and written

to the client. No response header manipulation can be

performed after this point.

http.stream.readResponse()

Reads and returns a portion of the HTTP response body,

limited by length or a delimiter character.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

The following TrafficScript rule processes HTML responses line by line, making a simple substitution:

$status = http.getResponseCode();

if( $status != 200 ) break;

$type = http.getResponseHeader("Content-Type");

if( !string.startsWith( $type, "text/") ) break;

http.stream.startResponse( $rcode, $type );

while( $line = http.stream.readResponse( 2048, "\n" ) ) {

$line = string.replaceAll( $line, "TrafficScript", "TRAFFICSCRIPT" );

http.stream.writeResponse( $line );

}

http.stream.finishResponse();

Note: The http.stream.* series of TrafficScript functions cannot be used in conjunction with the Traffic

Manager’s Web content optimization technology - Aptimizer. Executing any of these functions bypasses

Aptimizer completely and return the response directly to the client.

Managing FTP Connections

This sample TrafficScript rule manages incoming FTP connections. It implements a proxy for the login stage,

waiting until the remote user has provided a suitable user name and password.

When using this rule, configure it as a “run every time” request rule:

$req = string.trim( request.endswith( "\n" ) );

if( string.regexmatch( $req, "USER (.*)" ) ) {

connection.data.set( "user", $1 );

$msg = "331 Password required for ".$1."!!\r\n";

request.sendresponse( $msg );

break;

}

if( !string.regexmatch( $req, "PASS (.*)" ) ) {

# Are we connected?

if( connection.getNode() ) { break; }

request.sendresponse( "530 Please log in!!\r\n" );

break;

http.stream.writeResponse(

)

Writes the supplied body data to the client, but holds the

connection open for additional body data if required.

http.stream.finishResponse

()

Indicates that response streaming has finished. Rules

processing is halted and any remaining response data is sent

to the client.

Function Notes

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

}

$user = connection.data.get( "user" );

$pass = $1;

# In this case, we'll permit any password that is

# the uppercase version of the username

# Do your own authentication here; for example,

# call a remote server with http.request.get

if( string.uppercase( $user ) != $pass ) {

request.sendresponse(

"530 Incorrect user or password!!\r\n" );

break;

}

# now, replay the correct request against a new

# server instance, disconnecting from any FTP server

# we are already connected to

response.close();

connection.data.set( "state", "connecting" );

request.set(

"USER anonymous\r\nPASS ".$user."\r\n" );

# select the pool we want...

if( $user == "[email protected]" ) {

pool.select( "Traffic Manager FTP pool" );

}

if( $user == "[email protected]" ) {

pool.select( "Customer FTP pool" );

}

# the default pool is 'discard', so other users

# are dropped

To use this rule, configure it as a “run every time” response rule:

if( connection.data.get("state") == "connecting" ) {

# We've just connected. Slurp the first line

# (the serverfirst banner), the second line (the

# 331 need password) and then replace the

# serverfirst banner

$first = response.getLine();

$second = response.getLine( "\n", $1 );

$remainder = string.skip( response.get(), $1 );

response.set( $first.$remainder );

connection.data.set( "state", "" );

}

Remember to configure a server-first banner for the FTP Virtual Server.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Troubleshooting

Writing and debugging complex TrafficScript rules is an involved process. This chapter lists some useful

techniques.

This chapter contains the following sections:

• Checking Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

• Debugging Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

• Request and Response Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

• A Special Note About pool.use and pool.select . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Checking Syntax

A syntax error occurs if you make an error in your TrafficScript rule that prevents the Traffic Manager from fully

understanding the rule.

When editing a rule in the Admin UI, you can check the syntax at any time using the Check Syntax button on

the Catalogs > Rules > Edit page.

You can also check the syntax of a TrafficScript rule from the command line using the zeus.zxtm binary as

follows:

$ export ZEUSHOME=/usr/local/zeus

$ $ZEUSHOME/zxtm/bin/zeus.zxtm --rulesyntaxcheck rulefile

Compilation failed, with 1 error

Error: line 20: Wrong number of arguments to function pool.use

pool.use( );

TrafficScript is not case-sensitive. Function names and variables can be referred to using any combination of

case.

Debugging Rules

The TrafficScript function log.info() can be used to log a message to the error log (ZEUSHOME/log/

errors).

Consider the following code:

if( string.contains( http.getPath(), "root.exe" ) ) {

log.info( "Discarding potential nimda attack" );

connection.discard();

}

This appends the following message to your error log file:

$ export ZEUSHOME=/usr/local/zeus

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$ tail $ZEUSHOME/log/errors

[20/Dec/2014:10:24:46 +0000] INFO rules/RuleName rulelogmsginfo vservers/VSname

Discarding potential nimda attack

You can also inspect your error log file by clicking Event Log in the Traffic Manager Admin UI.

When you are debugging a rule, use log.info() to print out progress messages as the rule executes.

log.info() requires a string parameter; you can construct complex strings by appending variables and

literals together using the “.” operator:

$msg = "Received ".connection.getDataLen()." bytes.";

log.info( $msg );

The functions log.warn() and log.error() are similar to log.info(). They prefix error log messages

with a higher priority - either “WARN” or “ERROR”. Use the Event Log viewer to filter out low-priority messages.

Be careful when printing out connection data verbatim as the connection data might contain control

characters or other non-printable characters. You can encode data using either “string.hexEncode()” or

“string.escape()”.

You should use “string.hexEncode()” if the data is binary, and “string.escape()” if the data contains

readable text with a small amount of non-printable characters.

Request and Response Rules

In some circumstances, a poorly written request or response rule can stall a connection. If you call a function

such as request.getLine(), the connection can block until it receives another line of input. If you've mis-

parsed the connection and the client or server are not going to send any more input, the connection can stall

indefinitely (until it is timed out).

Take great care to correctly parse a protocol if you write a detailed handler for it. Your implementation of the

handler determines precisely how the protocol is handled. When developing such a handler, several

techniques are useful:

• Use log.info() to emit verbose debugging information, for example, when each rule starts and

when it ends.

• Use a system call tracer such as strace or truss to monitor exactly what data is being read and

written to the network.

The script ZEUSHOME/zxtm/bin/trace can assist with this. Type trace –-help for more information.

• Use tcpdump or wireshark to monitor what the client and server is sending, but be aware that if a

rule is blocked reading from the client, it does not notice that the server has sent any data.

Use the Activity > Connections page in the Admin UI to monitor the connections and individual requests

being handled by the Traffic Manager. This data can be further enhanced with the Traffic Manager’s Request

Tracing capability. With this feature enabled, use the Connections page to provide detailed information about

the time-line for each connection. This can be particularly useful by showing if a connection is being stalled

when running a TrafficScript rule. Refer to the Pulse Secure Virtual Traffic Manager: User’s Guide for more

information on this feature.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

A Special Note About pool.use and pool.select

The pool.use() and pool.select() TrafficScript functions are used to decide which Pool should be used

to send the connection to a back-end server. They each take one argument, the name of the Pool to use.

By default, pool.use() and pool.select() only accept a string literal as the Pool name:

pool.use( "my webserver pool" );

This allows the Traffic Manager to inspect a rule and determine precisely which pools are referenced by any

Virtual Servers that use the rule. This information is used as follows:

• To type check the usage of a Pool, to ensure that only configuration settings relevant to the protocol the

Pool is managing are displayed, and to ensure that the same Pool is not used by Virtual Servers that

manage different traffic protocols.

• To determine which Pools are in use, so it can monitor the behavior of the nodes.

• To display the Pools referenced by a Virtual Server, in the configuration summary, front page and other

parts of the UI.

• To determine when a Pool is no longer used, so that error information can be removed.

However, in some limited circumstances, it is efficient to use a variable to specify the desired Pool.

if( $poolname == "pool1" ) {

pool.use( "pool1" );

} else if( $poolname == "pool2" ) {

pool.use( "pool2" );

} else if( $poolname == "pool3" ) {

pool.use( "pool3" );

} else if( $poolname == "pool4" ) {

pool.use( "pool4" );

} # etc.

It would be much more preferable to write the following:

pool.use( $poolname );

To enable this behavior, enable the trafficscript!variable_pool_use setting on the System > Global Settings >

Other Settings page in the Admin UI.

Be aware that if you enable the above behavior, the Traffic Manager is not able to determine accurately which

Pools are referenced by a rule, and this limits the internal consistency checks and error monitoring that it

performs for those Pools.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Function Reference

This chapter contains the following sections:

• TrafficScript Core Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

• Traffic Manager Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

TrafficScript Core Functions

TrafficScript core functions provide the basic function set for the TrafficScript language, including support for

the core TrafficScript types, mathematical functions, and date and time manipulation.

The core functions are grouped into several families:

• array.: These functions facilitate the use and manipulation of arrays within TrafficScript.

• hash.: These functions facilitate the use and manipulation of hashes (or key/value pairs) within

TrafficScript.

• json.: These functions provide the ability to convert between TrafficScript arrays/hash variables and

JavaScript Object Notation (JSON) strings.

• lang.: These functions deal with language-specific tasks like forced type conversions.

• math.: These functions provide mathematical operations.

• string.: These functions operate on strings and other sequences of data.

• string.gmtime.: These functions are used to format time values.

• sys.: These functions return operating-system related parameters, such as the hostname.

• sys.(gmtime./.localtime./.time.): These functions are used to format time values.

TrafficScript function names are not case sensitive. Therefore, the function lang.todouble() can be invoked

using lang.toDouble(), Lang.ToDouble(), and lang.todouble().

Many functions take parameters and return values with specific types. TrafficScript casts variables and values

to the appropriate type as described in “Type Casts in TrafficScript” on page 18.

array.append( array1, array2 )

Appends each element of array2 to the end of array1. Note that this behaviour is different to that of

array.push(), which would add one new element to the end of array1 containing array2. The return value of this

function can be used as the argument to another function to perform multiple operations on the same array.

Sample Usage

# Append 4, 5 and 6 to the array

$numbers = [ 1, 2, 3 ];

array.append( $numbers, [ 4, 5, 6 ] );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

# $numbers is now [ 1, 2, 3, 4, 5, 6 ]

See also: “array.push( array, value )”

array.contains( array, value )

Returns whether or not the supplied array contains the specified value as an element. Note that it will not

match elements inside sub-arrays.

Sample Usage

$array = [ "one", "two", [ "three", "four" ] ];

# true

array.contains( $array, "one" );

# false

array.contains( $array, "three" );

See also: “array.filter( array, pattern, [flags] )”

array.copy( array )

Returns a copy of the supplied array. This is semantically equivalent to `$arraycopy = $array`, however it will

warn if the variable passed to it is not an array.

Sample Usage

# Loop around a sorted version of an array without

# permanently sorting it

$arr = [ "London", "Berlin", "Lisbon", "Paris" ];

foreach( $val in array.sort( array.copy( $arr ) )) {

log.info( $val );

}

# $arr will be unsorted here

See also: “array.create( size, [default] )”

array.create( size, [default] )

Creates a new array of the specified size and optionally fills the array with the default data.

Sample Usage

# Create an array of length 20 with all the elements

# set to zero.

$zeroarray = array.create( 20, 0 );

See also: “array.resize( array, size, [default] )”, “array.copy( array )”

array.filter( array, pattern, [flags] )

Removes elements from the supplied array that do not match the pattern. The optional 'flags' parameter

contains a string of single-letter options. The following options are supported:

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

• 'i', meaning 'case insensitive' - letters in the pattern match both upper and lower case letters.

• '!', meaning negate - elements of the array that match the regular expression are removed.

The return value of this function can be used as the argument to another function to perform multiple

operations on the same array.

Sample Usage

# Get the extension headers for this request

$headers = http.listHeaderNames();

$extensions = array.filter( $headers, "^X-", "i" );

array.join( array, [separator] )

Concatenates all the elements of the supplied array into a string separated by the separator. The elements will

be separated by a space if no separator is supplied. Note that a warning will be printed should the supplied

array itself contain any arrays or hashes.

Sample Usage

# Print a comma-separated list of names

$names = [ "alice", "bob", "mallory" ];

log.info( array.join( $names, ", " ) );

See also: “string.split( string, [separator] )”

array.length( array )

Returns the length of the supplied array

Sample Usage

# See how many HTTP headers there are

$headers = http.listHeaderNames();

log.info( "There are "

. array.length( $headers )

. " headers in this request" );

array.pop( array )

Removes the last element of the supplied array and returns it as the result of the function.

Sample Usage

$stack = [];

array.push( $stack, 3 );

array.push( $stack, 2 );

array.push( $stack, 1 );

# $stack is now [ 3, 2, 1 ];

# Prints 1 2 3

while( array.length( $stack ) > 0 ) {

log.info( array.pop( $stack ) );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

}

See also: “array.unshift( array, value )”, “array.push( array, value )”, “array.shift( array )”

array.push( array, value )

Adds the supplied value to the end of the supplied array. The return value of this function can be used as the

argument to another function to perform multiple operations on the same array.

Sample Usage

# Append 4 to the array

$numbers = [ 1, 2, 3 ];

array.push( $numbers, 4 );

See also: “array.shift( array )”, “array.unshift( array, value )”, “array.pop( array )”

array.resize( array, size, [default] )

Resizes the supplied array to the specified size. If the size of the array is being increased and the default

parameter is specified then the new elements added to the array will be set to the default parameter. If the

new size is smaller than the original size then the appropriate number of elements will be removed from the

end of the array. The return value of this function can be used as the argument to another function to perform

multiple operations on the same array.

Sample Usage

# We're only interested in the first

# 10 lines of body data - but fill in the

# rest with blank lines if there are fewer

# than 10 lines.

$body = array.resize( http.getBodyLines(), 10, "" );

See also: “array.create( size, [default] )”

array.reverse( array )

Reverses the elements of the supplied array. The return value of this function can be used as the argument to

another function to perform multiple operations on the same array.

Sample Usage

$array = [ 1, 2, 3, [ 4, 5 ] ];

# array will be [ [ 4, 5 ], 3, 2, 1 ]

array.reverse( $array );

See also: “array.sort( array, [reverse] )”

array.shift( array )

Removes the first element of the supplied array and returns it as the result of the function.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Sample Usage

$array = [ 1, 2, 3, 4 ];

# Empty an array from the front while printing

# its contents

while( array.length( $array ) > 0 ) {

log.info( array.shift( $array ) );

}

See also: “array.unshift( array, value )”, “array.push( array, value )”, “array.pop( array )”

array.sort( array, [reverse] )

Sorts the supplied array alphanumerically. If the optional reverse parameter is true, then the array will be

sorted in reverse. The return value of this function can be used as the argument to another function to

perform multiple operations on the same array.

Sample Usage

# Sort the keys of a hash before iterating over them

foreach( $key in array.sort( hash.keys( $hash ) ) ) {

log.info( $key . " maps to " . $hash[$keys] );

}

# Sort these numbers alphanumerically

$sorted = array.sort( [ 1, 2, 3, 4, 10, 11 ] );

# The result will be [ 1, 10, 11, 2, 3, 4 ]

# Reverse sort these numbers alphanumerically

$rev = array.sort( [ 1, 2, 3, 4, 10, 11 ], true );

# The result will be [ 4, 3, 2, 11, 10, 1 ]

See also: “array.sortNumerical( array, [reverse] )”

array.sortNumerical( array, [reverse] )

Sort the supplied array numerically in ascending order. If the optional reverse parameter is true, then the array

will be sorted in descending order. The return value of this function can be used as the argument to another

function to perform multiple operations on the same array.

Sample Usage

# Sort an array of numbers

$numbers = [ 2, 10, "3", "4", 24, "11" ];

array.sortNumerical( $numbers );

# $numbers is now [ 2, "3", "4", 10, "11", 24 ]

# Reverse sort an array of numbers

array.sortNumerical( $numbers, true );

# $numbers is now [ 24, "11", 10, "4", "3", 2 ]

See also: “array.sort( array, [reverse] )”

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

array.splice( array, offset, length, [values] )

Replace elements in the supplied array. Any elements between offset and length will be removed from the

array and any extra values specified after the length parameter will be inserted into the array at that location.

The return value of this function can be used as the argument to another function to perform multiple

operations on the same array.

Sample Usage

$numbers = [ 0, 1, 2, 3, 4, 5 ];

# Starting from element 2, remove one element

# and insert "a" and "b" into the array

array.splice( $numbers, 2, 1, "a", "b" );

# $numbers is now [ 0, 1, "a", "b", 3, 4, 5 ]

# Starting at element 0, remove 3 elements

array.splice( $numbers, 0, 3 );

# $numbers is now [ "b", 3, 4, 5 ]

See also: “array.filter( array, pattern, [flags] )”

array.unshift( array, value )

Adds the supplied value to the front of the supplied array. The return value of this function can be used as the

argument to another function to perform multiple operations on the same array.

Sample Usage

# Prepend 1 to the array

$numbers = [ 2, 3, 4 ];

array.unshift( $numbers, 1 );

See also: “array.shift( array )”, “array.push( array, value )”, “array.pop( array )”

hash.contains( hash, key )

Returns whether the supplied hash contains a particular key.

Sample Usage

# See if bob is in the hash of users

# and if so, whether his password matches

if( hash.contains( $users, "bob" ) ) {

if( $users["bob"] == $password ) {

# Access granted

} else {

# Access denied

}

} else {

# User does not exist

}

See also: “hash.keys( hash )”

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

hash.count( hash )

Returns the number of items in the hash.

Sample Usage

# See how many HTTP headers there are

$headers = http.getHeaders();

log.info( "There are "

. hash.count( $headers )

. " headers in this request" );

hash.delete( hash, key )

Deletes the specified key from the hash. The return value of this function can be used as the argument to

another function to perform multiple operations on the same hash.

Sample Usage

$hash = [ "orange" => "fruit",

"apple" => "fruit",

"cabbage" => "vegetable",

"pear" => "fruit" ];

hash.delete( $hash, "cabbage" );

# keys will be orange, apple and pear

$keys = hash.keys( $hash );

See also: “hash.keys( hash )”

hash.empty( hash )

Removes all the values from the hash. The return value of this function can be used as the argument to

another function to perform multiple operations on the same hash.

Sample Usage

# Empty the contents of a hypothetical set object

sub set.empty( $set ) {

# You cannot do '$set = [];' here because that

# would be reassigning the input variable

hash.empty( $set );

}

set.empty( $my_set );

See also: “hash.keys( hash )”

hash.keys( hash )

Returns an array containing the keys that map to values in the supplied hash data structure.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Sample Usage

# Get the set of IPs that have connected to the site

$ips = data.get( "connected_ips" );

$ips[request.getRemoteIP()] = 1;

data.set( "connected_ips", $ips );

$connected_set = hash.keys( $ips );

log.info( array.length( $connected_set ) .

" unique IPs have connected to the site" );

See also: “hash.keys( hash )”

json.deserialize( json_string )

Converts the supplied string in JavaScript Object Notation (JSON) into a TrafficScript array or hash variable. If

the supplied string is not in the correct format then a warning will be printed and the result will be empty.

Sample Usage

# Deserialising a JSON array

$json_array = '[ "element 1", "element 2" ]';

$array = json.deserialize( $json_array );

# Deserialising a JSON hash

$json_object = '{ "key 1":"value 1", \

"key 2":[ "array element" ] }';

$hash = json.deserialize( $json_object );

See also: “json.serialize( object )”

json.serialize( object )

Converts the supplied array or hash variable into JavaScript Object Notation (JSON). This format is commonly

used to exchange data between online applications.

Sample Usage

# Serialising an array

$array = [ "element 1", "element 2" ];

$json_array = json.serialize( $array );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

# Serialising a hash

$hash = [ "key 1" => "value 1",

"key 2" => [ "array element" ] ];

$json_object = json.serialize( $hash );

See also: “json.deserialize( json_string )”

lang.assert( condition, message )

If the condition is false, prints a warning to the log with the current line number and terminates the rule. If the

condition is true then no messages will be printed and the rule will continue as normal.

Sample Usage

# Make sure that this rule is only run with

# Virtual Servers that are using SSL Decryption.

lang.assert( ssl.isSSL(),

"This rule should only be used \

with decrypted SSL connections" );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertAlgorithm()

If the connection is SSL-encrypted and the client has supplied a valid certificate, then this returns either

"rsaEncryption", "md2withRSAEncryption", "md5withRSAEncryption", "sha1withRSAEncryption", "RSA",

"sha256withRSAEncryption", "sha384withRSAEncryption", "sha512withRSAEncryption", "DSA with SHA-1", "DSA

with SHA-224", "DSA with SHA-256", "ECDSA with SHA-1", "ECDSA with SHA-224", "ECDSA with SHA-256",

"ECDSA with SHA-384", or "ECDSA with SHA-512" depending on the certificate's encryption and hash

algorithms. Otherwise, it returns the empty string.

Sample Usage

# Display the client certificate algorithm

$alg = ssl.clientCertAlgorithm();

log.info( "Certificate alg: ".$alg );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertChain()

Returns a multi-line string, with each line being the PEM encoding of a certificate in the chain from the client, or

the empty string if the connection was not SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate data

$cert = ssl.clientCertChain();

log.info( "Certificate Chain: " . $cert );

See also: “ssl.isSSL()”, “ssl.clientCert()”

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertCommonName()

Returns the common name of the client certificate, or the empty string if the connection was not SSL-

encrypted or if a certificate was not supplied.

Sample Usage

$common_name = ssl.clientCertCommonName();

log.info( "Certificate common name: ".$common_name );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertEndDate()

If the connection is SSL-encrypted and the client has supplied a valid certificate, then this returns the date

when the certificate is no longer valid. The date is an integer, representing seconds since the epoch.

Otherwise, this function returns 0.

Sample Usage

# Display the client certificate end date

$end = ssl.clientCertEndDate();

log.info( "Certificate is valid until ".

sys.timeToString( $end ) );

See also: “ssl.isSSL()”, “ssl.clientCertStartDate()”, “sys.timeToString( unixtime )”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertHash()

Returns a hex-encoded MD5 hash of the client certificate, or the empty string if the connection was not SSL-

encrypted, if a certificate was not supplied or if the MD5 algorithm is unavailable (e.g. when operating in FIPS

Mode).

Sample Usage

# Display the client certificate hash

$hash = ssl.clientCertHash();

log.info( "Certificate hash: ".$hash );

See also: “ssl.isSSL()”, “ssl.clientCertSHA1()”, “sys.isFIPS()”

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertIssuer()

Returns a string representing the issuer of the client certificate, or the empty string if the connection was not

SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate issuer

$issuer = ssl.clientCertIssuer();

log.info( "Certificate issuer: ".$issuer );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertPublicKey()

Returns a string representation of the public key of the client certificate, or the empty string if the connection

was not SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate key

$key = ssl.clientCertPublicKey();

log.info( "Certificate key: ".$key );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertSHA1()

Returns a hex-encoded SHA1 fingerprint of the client certificate, or the empty string if the connection was not

SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate SHA1 fingerprint

$sha1 = ssl.clientCertSHA1();

log.info( "Certificate SHA1 fingerprint: " . $sha1 );

See also: “ssl.isSSL()”, “ssl.clientCertHash()”

Restrictions

Can only be used with TCP-based protocols.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

ssl.clientCertSerial()

Returns the serial (in hex) of the client certificate, or the empty string if the connection was not SSL-encrypted

or if a certificate was not supplied.

Sample Usage

# Display the client certificate serial

$serial = ssl.clientCertSerial();

log.info( "Certificate serial: ".$serial );

See also: “ssl.clientCertSerialDec()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertSerialDec()

Returns the serial (in decimal) of the client certificate, or the empty string if the connection was not SSL-

encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate serial in decimal

$serial = ssl.clientCertSerialDec();

log.info( "Certificate serial: ".$serial );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertSubject()

Returns a string representing the subject of the client certificate, or the empty string if the connection was not

SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate subject

$subject = ssl.clientCertSubject();

log.info( "Certificate subject: ".$subject );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCertVersion()

Returns "1", "2" or "3" denoting the version of the client certificate, or the empty string if the connection was

not SSL-encrypted or if a certificate was not supplied.

Sample Usage

# Display the client certificate version

$version = ssl.clientCertVersion();

log.info( "Certificate version: ".$version );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientCipher()

Returns the cipher used by the client to SSL-encrypt the connection. It returns an empty string if the

connection was not SSL-encrypted.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

The string returned contains the cipher algorithm, SSL version and effective cipher strength, such as:

SSL_RSA_WITH_AES_128_GCM_SHA256, version=TLSv1.2, bits=128

Sample Usage

# Get the encryption cipher

$cipher = ssl.clientCipher();

log.info( "Encrypted with ".$cipher );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.clientSupportsSecureRenegotiation()

Returns true if the client is RFC 5746 compliant, else false. Note that connections made with TLS 1.3 will not

allow renegotiation, and that the HTTP/2 protocol also forbids renegotiation.

Sample Usage

if( ssl.isSSL() ) {

# gather statistics about client-side support

# for RFC 5746

if( ssl.clientSupportsSecureRenegotiation() ) {

counter.increment( 1 );

} else {

counter.increment( 2 );

}

See also: “ssl.requireCert()”, “ssl.requestCert()”, “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.getClientCloseAlert()

Check whether your traffic manager will send the SSL client an SSL close alert prior to terminating the TCP

connection. The function will return a value of 1 if close alerts are enabled, and 0 if they are disabled. The

function will return -1 if the client-side connection is not established, or is not an SSL connection.

Sample Usage

if( ssl.isSSL() ) {

$alert = ssl.getClientCloseAlert();

log.info( "client close alert: " . $alert );

}

See also: “ssl.isSSL()”, “ssl.setClientCloseAlert( alertflag )”, “ssl.setServerCloseAlert( alertflag )”,

“ssl.getServerCloseAlert()”

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Restrictions

Can only be used with TCP-based protocols.

ssl.getServerCloseAlert()

Check whether your traffic manager will send the SSL server an SSL close alert prior to terminating the TCP

connection. The function will return a value of 1 if close alerts are enabled, and 0 if they are disabled. The

function will return -1 if the connection is not an SSL connection, or if the server-side connection is not yet

established (i.e. it should typically only be used in response rules.)

Sample Usage

if( ssl.isSSL() ) {

$alert = ssl.getServerCloseAlert();

log.info( "server close alert: " . $alert );

}

See also: “ssl.isSSL()”, “ssl.setServerCloseAlert( alertflag )”, “ssl.setClientCloseAlert( alertflag )”,

“ssl.getClientCloseAlert()”

Restrictions

Can only be used with TCP-based protocols.

ssl.getTLSServerName()

Returns the hostname provided by the client using the TLS 1.0 'server_name' extension. If this connection is

not using SSL decryption or the client did use the extension then this function returns the empty string.

Sample Usage

$name = ssl.getTLSServerName();

log.info( "The client provided " .

"the server name: " . $name );

See also: “ssl.isSSL()”, “ssl.setTLSServerName( servername )”

Restrictions

Can only be used with TCP-based protocols.

ssl.isSSL()

Returns 1 if this connection from the remote client was SSL encrypted and your traffic manager has decrypted

the traffic. Otherwise, it returns 0.

Sample Usage

if( ssl.isSSL() ) {

# This is an SSL-encrypted connection ...

}

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Restrictions

Can only be used with TCP-based protocols.

ssl.requestCert()

Initiates an SSL renegotiation with the client, requesting a certificate. Even if the client fails to provide a

certificate, rule processing continues after the re-handshake is complete. If the client had already provided a

certificate, this function does nothing and rule processing continues. If the underlying connection is not SSL,

the transaction is aborted (i.e., this is interpreted as a failed re-handshake). If the connection is made at TLS

version 1.3 renegotiation is not available and the connection will be closed. If the underlying connection is

HTTP/2, renegotiation is not attempted. (i.e. this function has no effect). Secure renegotiation is forbidden by

HTTP/2. Note that using this function overrides the setting ssl!allow_rehandshake. It is strongly recommended

to check for client-side support of RFC 5746 before using it, see ssl.clientSupportsSecureRenegotiation.

Sample Usage

$path = http.getPath();

if( string.startsWith( $path, "/admin" ) ) {

# Only let certain people see this data ...

if( ssl.clientSupportsSecureRenegotiation() ) {

ssl.requestCert();

if( ssl.clientCertStatus() != "OK" ) {

http.sendResponse( 403, "text/plain",

"Valid SSL credentials are required",

"" );

} else {

# allow the original request to

# continue, client provided an

# acceptable certificate.

break;

}

} else {

http.sendResponse( 403, "text/plain",

"Client certificate authentication ".

"required", "" );

}

See also: “ssl.clientSupportsSecureRenegotiation()”, “ssl.requireCert()”

Restrictions

Can only be used with TCP-based protocols, Cannot be used in completion rules.

ssl.requireCert()

Initiates an SSL renegotiation with the client, requiring a certificate. If the client fails to provide a valid cert, the

connection is closed with an SSL alert of type handshake_failure. Otherwise, rule processing continues after

the re-handshake is complete. If the client had already provided a certificate, this function does nothing and

rule processing continues. If the underlying connection is not SSL, the transaction is aborted (i.e., this is

interpreted as a failed re-handshake). If the connection is made at TLS version 1.3 renegotiation is not

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

available and the connection will be closed. If the underlying connection is HTTP/2, the transaction is aborted,

and the client is sent the error HTTP_1_1_REQUIRED. Secure renegotiation is forbidden by HTTP/2. Note that

using this function overrides the setting ssl!allow_rehandshake. It is strongly recommended to check for client-

side support of RFC 5746 before using it, see ssl.clientSupportsSecureRenegotiation.

Sample Usage

$path = http.getPath();

if( string.startsWith( $path, "/admin" ) ) {

# Only let certain people see this data ...

if( ssl.clientSupportsSecureRenegotiation() ) {

ssl.requireCert();

} else {

http.sendResponse( 403, "text/plain",

"Client certificate authentication ".

"required", "" );

}

See also: “ssl.clientSupportsSecureRenegotiation()”, “ssl.requestCert()”

Restrictions

Can only be used with TCP-based protocols, Cannot be used in completion rules.

ssl.serverCert()

Returns a PEM encoded version of the entire certificate being used by your traffic manager for this connection.

If this virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

$cert = ssl.serverCert();

log.info( "Server certificate: " . $cert );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertAlgorithm()

Returns a description of the algorithms being used by the virtual server's current certificate. This will either be

"rsaEncryption", "md2withRSAEncryption", "md5withRSAEncryption", "sha1withRSAEncryption", "RSA",

"sha256withRSAEncryption", "sha384withRSAEncryption", "sha512withRSAEncryption", "DSA with SHA-1", "DSA

with SHA-224", "DSA with SHA-256", "ECDSA with SHA-1", "ECDSA with SHA-224", "ECDSA with SHA-256",

"ECDSA with SHA-384" or "ECDSA with SHA-512". If this virtual server is not using SSL decryption (or the

algorithm type is not recognised) then this function will return the empty string.

Sample Usage

$alg = ssl.serverCertAlgorithm();

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

log.info( "Server cert algorithm: " . $alg );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertCommonName()

Returns the common name of the certificate being used by your traffic manager for this connection. If this

virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

$common_name = ssl.serverCertCommonName();

if( http.getHostHeader() != $common_name ) {

log.warn( "Client browser may report certificate".

" as invalid." );

}

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertEndDate()

Returns the date that the certificate being used by your traffic manager for this connection became valid. The

date is an integer, representing the number of seconds since the epoch. If this virtual server is not using SSL

decryption then this function will return the empty string.

Sample Usage

$end = ssl.serverCertEndDate();

if( $time < sys.time() ) {

log.warn( "Using out of date certificate!" );

}

See also: “ssl.isSSL()”, “ssl.serverCertStartDate()”, “sys.time()”, “sys.timeToString( unixtime )”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertHash()

Returns the hex-encoded MD5 hash of the certificate being used by your traffic manager for this connection. If

this virtual server is not using SSL decryption or if the MD5 algorithm is unavailable (e.g. when operating in FIPS

Mode) then this function will return the empty string.

Sample Usage

$md5 = ssl.serverCertHash();

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

log.info( "Server Cert Hash: " . $md5 );

See also: “ssl.isSSL()”, “ssl.serverCertSHA1()”, “sys.isFIPS()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertIssuer()

Returns a string with the issuer data of the certificate being used by your traffic manager for this connection

(each field is separated by commas). If this virtual server is not using SSL decryption then this function will

return the empty string.

Sample Usage

$issuer = ssl.serverCertIssuer();

if( ssl.serverCertSubject() == $issuer ) {

log.info( "Certificate is self-signed" );

}

See also: “ssl.isSSL()”, “ssl.serverCertSubject()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertName()

Returns the name of the certificate being used by the virtual server for this connection. This is the name used

to identify the certificate in the UI. If this virtual server is not using SSL decryption then this function will return

the empty string.

Sample Usage

$name = ssl.serverCertName();

log.info( "Using server cert: " . $name );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertPublicKey()

Returns information about the public key of the certificate being used by your traffic manager for this

connection. If this virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

# Returns public key information,

# e.g. "RSA (1024 bit)"

$public_key = ssl.serverCertPublicKey();

log.info( "Certificate public key: " . $public_key );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertSHA1()

Returns the hex-encoded SHA1 fingerprint of the certificate being used by your traffic manager for this

connection. If this virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

$sha1 = ssl.serverCertSHA1();

log.info( "Server Cert SHA1 Fingerprint: " . $sha1 );

See also: “ssl.isSSL()”, “ssl.serverCertHash()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertSerial()

Returns a string with the serial number (in hex) of the certificate being used by your traffic manager for this

connection. If this virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

$serial = ssl.serverCertSerial();

log.info( "Server certificate serial: " . $serial );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertStartDate()

Returns the date the certificate being used by your traffic manager for this connection became valid. The date

is an integer, representing the number of seconds since the epoch. If this virtual server is not using SSL

decryption then this function will return the empty string.

Sample Usage

$start = ssl.serverCertStartDate();

log.info( "Server Certificate is valid from ".

sys.timeToString( $start ) );

See also: “ssl.isSSL()”, “ssl.serverCertEndDate()”, “sys.time()”, “sys.timeToString( unixtime )”

Restrictions

Can only be used with TCP-based protocols.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

ssl.serverCertSubject()

Returns the subject data of the certificate being used by your traffic manager for this connection (each field is

separated by commas). If this virtual server is not using SSL decryption then this function will return the empty

string.

Sample Usage

# Returns the subject information of the cert,

# e.g. C=GB, L=Cambridge, O=Zeus, CN=foo.com

$subject = ssl.serverCertSubject();

log.info( "Server cert subject: " . $subject );

See also: “ssl.isSSL()”, “ssl.serverCertIssuer()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverCertVersion()

Returns the version of the certificate being used by your traffic manager for this connection (either "1", "2" or

"3"). If this virtual server is not using SSL decryption then this function will return the empty string.

Sample Usage

$version = ssl.serverCertVersion();

log.info( "Server Cert Version: " . $version );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.serverSiteName()

Returns the hostname or IP address that was used to select the current server certificate. If the default

certificate was used, or the current connection is not encrypted, the empty string is returned.

Sample Usage

$site_name = ssl.serverSiteName();

if( ssl.isSSL() && $site_name == "" ) {

# The default certificate was used

}

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

ssl.setClientCloseAlert( alertflag )

Sets whether your traffic manager will send the SSL client an SSL close alert prior to terminating the TCP

connection. An value of 0 will disable close alerts, a non-zero value will enable close alerts. This setting also

applies to related connections, such as data transfer channels related to FTP command channels. If the

connection with the client is not an SSL connection then calling this function will do nothing.

Sample Usage

if( ssl.isSSL() ) {

# Ensure close alerts are enabled.

ssl.setClientCloseAlert( 1 );

}

See also: “ssl.isSSL()”, “ssl.getClientCloseAlert()”, “ssl.setServerCloseAlert( alertflag )”,

“ssl.getServerCloseAlert()”

Restrictions

Can only be used with TCP-based protocols.

ssl.setServerCloseAlert( alertflag )

Sets whether your traffic manager will send the SSL server an SSL close alert prior to terminating the TCP

connection. A value of 0 will disable close alerts, a non-zero value will enable close alerts. This setting also

applies to related connections, such as data transfer channels related to FTP command channels. Note that

this function will only work on SSL connections and the server side connection must be established (i.e. it

should typically only be used in response rules.)

Sample Usage

if( ssl.isSSL() ) {

# Ensure close alerts are enabled.

ssl.setServerCloseAlert( 1 );

}

See also: “ssl.isSSL()”, “ssl.getServerCloseAlert()”, “ssl.setClientCloseAlert( alertflag )”,

“ssl.getClientCloseAlert()”

Restrictions

Can only be used with TCP-based protocols.

ssl.setTLSServerName( servername )

Instructs your traffic manager to use the specified hostname when using the TLS 1.0 server_name extension.

This method only works if the back end pool has SSL encryption and the server_name option enabled. Using

the empty string as this function's parameter will make your traffic manager use the hostname of the node

that it is connecting to.

Sample Usage

# Use the hostname foo in the TLS 1.0 server_name

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

# extension

ssl.setTLSServerName( "foo" );

See also: “ssl.isSSL()”, “ssl.getTLSServerName()”

Restrictions

Can only be used with TCP-based protocols.

ssl.sslKeyLogLine()

If the ssl!log_keys global config key is enabled the function will return a key log line (or lines for TLS 1.3) suitable

for use in Wireshark's SSL key log. If ssl!log_keys is disabled, the empty string will always be returned.

Sample Usage

# Get the SSL key log

$keylogline = ssl.sslKeyLogLine();

log.info( "SSL key log: " . $keylogline );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

ssl.sslSessionID()

Returns the session ID of the current SSL connection as a hex-encoded string. An empty string is returned if

the connection is not SSL-encrypted, or if no session ID is available. For example, no session id is available if

SSL resumption is disabled (pre-TLS 1.3) or if the protocol version is TLS 1.3 or later. This function can also be

used with SSL pass-through traffic. When used in a request rule the traffic manager will look for a session ID

provided in the ClientHello. Clients provide session IDs only if they are trying to resume a previously used SSL

session. If the client did not provide a session ID, this function will return an empty string.

When used in a response rule with SSL pass-through traffic, this function will return the session ID provided in

the ServerHello. This might be the same as the session ID sent by the client If the client attempted to resume

the session, but this is not guaranteed.

Sample Usage

# Get the SSL session ID

$sessionid = ssl.sslSessionID();

log.info( "SessionID: " . $sessionid );

See also: “ssl.isSSL()”

Restrictions

Can only be used with TCP-based protocols.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

stats.getQueueTime()

Returns the amount of time, in milliseconds, that the client spent queueing to connect to the server due to

backend connection limits.

Sample Usage

# Keep a record of how many connections

# queue for longer than 1 second.

if( stats.getQueueTime() > 1000 ) {

# Increment user counter 1

counter.increment( 1 );

}

stats.getServerResponseTime()

Returns the amount of time, in milliseconds, between sending the first byte of the request to the server, and

receiving a response.

In the case of HTTP, SIP and RTSP this is the time until the traffic manager has received a full set of headers

from the server. For all other protocols, it is the time until the traffic manager has received the first byte of the

response from the server.

If the server has not sent a response, this function will return 0.

Sample Usage

# Emit an event when the server takes a

# particularly long time to respond to a

# request.

if( stats.getServerResponseTime() > 30000 ) {

event.emit( "slowresponse", http.getRawURL() );

}

stats.getTransactionDuration()

Returns the amount of time, in milliseconds, for which the current transaction has been active, from the time

the first byte was received from the client to the current time.

If used in a transaction completion rule, this will be the total duration of the transaction.

Sample Usage

# Record this connection on the recent connections

# page if it took more than 5 seconds to complete

if( stats.getTransactionDuration() > 5000 ) {

recentconns.include();

}

sys.getRestApiPort()

Returns the TCP port number used by the REST API, such as 9070.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Sample Usage

# get the REST API port

$restport = sys.getRestApiPort();

# use that to get the root node from the REST API

$body = http.request.get(

"http://localhost:".$restport."/");

# in this case an 'error: authentication required'

# type response

# will be returned

sys.isFIPS()

Returns 1 if the traffic manager is operating in FIPS Mode, otherwise it returns 0.

Sample Usage

if( sys.isFIPS() ) {

# FIPS Mode is in operation

}

tcp.close( sock )

Close a previously opened TCP socket. A non-zero return value indicates a successful close, if 0 is returned

then an error occurred and an error string will be in '$1'.

If a rule fails to close a TCP socket, it will be closed automatically when the Virtual Server connection finishes.

Sample Usage

$sock = tcp.connect( "10.100.1.5", 7 );

tcp.close( $sock );

See also: “tcp.connect( ip, port, [timeout] )”, “tcp.write( socket, data, [timeout] )”, “tcp.read( socket,

maximum, [timeout] )”

Restrictions

Cannot be used in completion rules.

tcp.connect( ip, port, [timeout] )

Create a new TCP socket to the supplied IP address and port. This function will return a socket handle that can

be used by other tcp.* functions. The created TCP socket is unique to this connection, and can't be used by

other connections.

An optional timeout can be specified in milliseconds. If a connection has not been established within this time

the function will return 0 and $1 will be set to "timeout".

Note that if the Virtual Server connection times out before this socket has been established then the

connection will be terminated.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

Returns 0 on error (with an error message in $1).

Sample Usage

$sock = tcp.connect( "::1", 3306 );

if( ! $sock ) {

log.error( "Error: " . $1 );

}

See also: “tcp.write( socket, data, [timeout] )”, “tcp.read( socket, maximum, [timeout] )”, “tcp.close( sock )”

Restrictions

Cannot be used in completion rules.

tcp.read( socket, maximum, [timeout] )

Read data from a previously opened TCP connection. The function waits until data is available on the TCP

socket, and will then return the available data (up to the specified 'maximum'). If an error occurs an empty

string will be returned and $1 will contain an error message, or 0 if the connection has been closed.

An optional timeout can be specified in milliseconds. If a no data has been read within this time the function

will return an empty string and $1 will be set to "timeout".

Note that if the Virtual Server connection times out before any data has been read then the connection will

terminated.

Sample Usage

# Read from a TCP socket, ensuring we get 1024 bytes

$amount = 1024;

$buf = '';

while( string.len( $buf ) != $amount ) {

$data = tcp.read( $sock, $amount -

string.len( $buf ) );

if( $data == "" ) {

$buf = '';

break;

}

$buf .= $data;

}

See also: “tcp.connect( ip, port, [timeout] )”, “tcp.write( socket, data, [timeout] )”, “tcp.close( sock )”

Restrictions

Cannot be used in completion rules.

tcp.write( socket, data, [timeout] )

Writes all of the supplied data to a TCP socket. The function will return the number of bytes written. If an error

occurs then -1 will be returned, and $1 will contain an error message.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

An optional timeout can be specified in milliseconds. After this time the number of bytes written will be

returned, and $1 will contain the string 'timeout'.

Note that if the Virtual Server connection times out before the data has been written then the connection will

be terminated.

Sample Usage

$sock = tcp.connect( "10.100.1.5", 7 );

tcp.write( $sock, "Ping\n" );

See also: “tcp.connect( ip, port, [timeout] )”, “tcp.read( socket, maximum, [timeout] )”, “tcp.close( sock )”

Restrictions

Cannot be used in completion rules.

udp.sendTo( host, port, data )

Send some data via UDP to ip:port.

If successful, returns the number of bytes written. A return value of -1 indicates a failure; in this case an error

string will be stored in '$1'.

Sample Usage

$res = udp.sendTo( "10.100.1.5", 82, "ping" );

if( $res == -1 ) {

log.warn( "Error sending data: " . $1 );

}

See also: “tcp.connect( ip, port, [timeout] )”, “tcp.write( socket, data, [timeout] )”, “tcp.read( socket,

maximum, [timeout] )”

xml.validate( document, DTD ) - deprecated

This function has been deprecated. Use instead “xml.validate.dtd( document, DTD )”.

Validates an XML document against a DTD. It returns 1 if the document validated correctly, and 0 if it did not. It

returns -1 if there was an error parsing the XML document or the DTD.

The XML processing functionality must be enabled by the software license.

xml.validate.dtd( document, DTD )

Validates an XML document against a DTD. It returns 1 if the document validated correctly, and 0 if it did not. It

returns -1 if there was an error parsing the XML document or the DTD.

The XML processing functionality must be enabled by the software license.

Sample Usage

# Validate the HTTP body against the DTD stored in

# the resource 'mydtd'

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$theDoc = http.getBody( 0 );

$theDTD = resource.get( "mydtd" );

if( xml.validate.dtd( $theDoc, $theDTD ) != 1 ) {

# validation failed ...

}

See also: “xml.validate.xsd( document, schema )”

xml.validate.xsd( document, schema )

Validates an XML document against an XML schema. It returns 1 if the document validated correctly, and 0 if it

did not. It returns -1 if there was an error parsing the XML document or the schema.

If the schema against which the document is being validated needs to import another schema file, it will search

for it inside Catalog > Extra Files > Miscellaneous Files.

The XML processing functionality must be enabled by the software license.

Sample Usage

# Validate the HTTP body against the schema stored in

# the resource 'myschema'

$theDoc = http.getBody( 0 );

$theSchema = resource.get( "myschema" );

if( xml.validate.xsd( $theDoc, $theSchema ) != 1 ) {

# validation failed ...

}

See also: “xml.validate.dtd( document, DTD )”

xml.xpath.matchNodeCount( doc, nspacemap, query )

Applies an XPath query to the supplied XML document. It returns the number of entries in the result node set.

The function will return -1 if there was an error parsing the XML document, XML namespace or XPath query.

Namespaces can be used in the XPath query by defining them in the "nspacemap" parameter. This parameter

is specified as a space-separated list of identifiers mapped to namespaces. For example, specifying

'xmlns:myns=http://www.example.com/mynamespace' allows you to use the identifier 'myns' in the XPath

query to find elements in the 'http://www.example.com/mynamespace' namespace within the XML document.

The XML processing functionality must be enabled by the software license.

Sample Usage

# A sample XML document

$theDoc =

'<?xml version="1.0" encoding="UTF-8"?>

<mybook xmlns="http://www.example.com/book"

xmlns:recent="http://www.example.com/newitems">

<recent:item>Item 2</recent:item>

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

<recent:item>Item 4</recent:item>

</mybook>

# How many items are in the 'newitems' namespace

# under the 'mybook' element of the 'book' namespace?

# Note: namespace identifiers in the XPath query

# do not have to be the same as those used in the XML

# document itself.

$items = xml.xpath.matchNodeCount(

$theDoc,

"xmlns:book=http://www.example.com/book ".

"xmlns:new=http://www.example.com/newitems",

"//book:mybook/new:item"

);

# $items = 2

See also: “xml.xpath.matchNodeSet( doc, nspacemap, query )”

xml.xpath.matchNodeSet( doc, nspacemap, query )

Applies an XPath query to the supplied XML document. It returns a string representation of the result node

set.

The function will return an empty string if there was an error parsing the XML document, XML namespace or

XPath query.

Namespaces can be used in the XPath query by defining them in the "nspacemap" parameter. This parameter

is specified as a space-separated list of identifiers mapped to namespaces. For example, specifying

'xmlns:myns=http://www.example.com/mynamespace' allows you to use the identifier 'myns' in the XPath

query to find elements in the 'http://www.example.com/mynamespace' namespace within the XML document.

The XML processing functionality must be enabled by the software license.

Sample Usage

# A sample XML document

$theDoc =

'<?xml version="1.0" encoding="UTF-8"?>

<mybook xmlns="http://www.example.com/book"

xmlns:recent="http://www.example.com/newitems">

<recent:item>Item 2</recent:item>

</mybook>

# Get the value of the 'item' node in the 'newitems'

# namespace under the 'mybook' element of the 'book'

# namespace.

# Note: namespace identifiers in the XPath query

# do not have to be the same as those used in the XML

# document itself.

Pulse Secure Virtual Traffic Manager: TrafficScript Guide

$set = xml.xpath.matchNodeSet(

$theDoc,

"xmlns:book=http://www.example.com/book ".

"xmlns:new=http://www.example.com/newitems",

"//book:mybook/new:item/text()"

);

# $set = 'Item 2'

See also: “xml.xpath.matchNodeCount( doc, nspacemap, query )”

xml.xslt.transform( document, stylesheet )

Performs an XSLT transformation on a XML document. It returns the transformed document, or -1 on failure.

The XML processing functionality must be enabled by the software license.

Sample Usage

# Perform XSLT transformation on supplied POST XML

# data, and return the HTML result to the client.

$response = xml.xslt.transform( http.getbody( 0 ),

resource.get( "people.xsl" ));

http.sendResponse( "200 OK", "text/html",

$response, "" );

Pulse Secure Virtual Traffic Manager: TrafficScript Guide