Policies with GSLB Wildcard Location expressions not getting a hit on build 11.1-53.11 and above
Article ID: CTX232884
Updated On:
Description
Policies with GSLB Wildcard Location expressions not getting a hit on build 11.1-53.11 and above. For example, if we have a policy configured with Location Wildcard expression "North America.US.*.*.*.*" :
and a request comes from Source IP with location as "North America.US.Illinois.*.Chicago.*" (as per the location database installed on NetScaler), then it will not match the wildcard expression and the policy will not get a hit.
However, if you configure a policy with exact match, i.e. with Location Expression "North America.US.Illinois.*.Chicago.*" or on the basis of IP, it will work :
The policy will also get a hit if the request comes from an IP which falls under "North America.US.*.*.*.*" as it would be an exact match and not wildcard match. For example :
Resolution
From 11.1-53.11 onwards, we have to manually enable wildcard matches by enabling the parameter using the below command:
set locationParameter -matchWildcardtoany YES
Problem Cause
There was an enhancement done on the NetScaler in build 11.1-53.11, after which the wildcard matches for a specific GEO (US in example case) were disabled by default. Here is the description as per the release notes:
- The GEO rule for wildcard qualifiers matched any other qualifier. With this fix, the matchWildcardtoany option in the set locationParameter command is set to NO and hence the wildcard qualifiers do not match any other qualifier, by default.
[# 665771]
You may go through the below links for more details :
https://docs.citrix.com/content/dam/docs/en-us/netscaler/11-1/release-notes/NS_11_1_53_11.html
https://support.citrix.com/article/CTX130701
Issue/Introduction
