Chapter 3: Condition Reference
proxy.port=
Tests if the IP port used by a request is within the specified range or an exact match.The numeric pattern used to test the proxy.port= condition can contain no whitespace.
If the transaction was explicitly proxied, then this tests the IP port that the client used to reach the proxy. The pattern is a number between 1 and 65535 or a numeric range.
If the transaction was transparently proxied, however, then proxy.port= tests which port the client thinks it is connecting to on the upstream proxy device or origin server. If the client thinks it is connecting directly to the origin server, but is transparently proxied, and if the port number specified by the client in the request URL is not inconsistent or falsified, then proxy.port= and server_url.port= are testing the same value.
Note: Since the ProxySG default configuration passes through tunneled traffic, some changes must be made to begin transparent port monitoring. Only proxy ports that have been configured and enabled can be tested using the proxy.port= condition. For example, if the transparent FTP service, on port 21, is either not configured or not enabled, a policy rule that includes proxy.port=21 has no effect.
Replaces: proxy_port=
Syntax
proxy.port={[low_port_number]..[high_port_number]exact_port_number}
where:
•
•
•
Layer and Transaction Notes
•Use in <Admin>, <Proxy>, and <Forward> layers.
•Applies to proxy transactions.
Examples
;Deny URL through the default proxy port. <proxy>
url=http://www.example.com proxy.port=8080 deny
See Also
•Conditions: client.address=, client.protocol=, proxy.address=, proxy.card=, proxy.port=, server_url.port=
111
