Blue Coat Systems Proxy SG

ProxySG Content Policy Language Guide

140

•.suffix—Test if the string pattern is a suffix of the URL or component. The suffix need not

match on a boundary (such as a domain component or path directory) within a URL component.

Note: .prefix,.regex, .substring, and.suffix are string comparisons that do not require a

match on component boundaries. For this reason, url.host.suffix= differs from the host

comparison used in url.domain= tests, which does require component level matches.

The URL component modifiers are:

•.address—Tests if the host IP address of the requested URL matches the specified IP address, IP

subnet, or subnet definition. If necessary, a DNS lookup is performed on the host name. DNS

lookups can be globally restricted by a restrict DNS definition.

The patterns supported by the url.address= test are:

❐ip_address—Host IP address or subnet; for example, 10.1.198.0.

❐subnet—A subnet mask; for example, 10.1.198.0/24.

❐subnet_label—Label of a subnet definition block that binds a number of IP addresses or

subnets.

The .address modifier is primarily useful when the expression uses either a subnet or a

subnet_label. If a literal ip_address is used, then the url.address= condition is equivalent to

url.host=.

•.host—Tests the host component of the requested URL against the IP address or domain name

specified by the host pattern. The pattern cannot include a forward slash (/) or colon (:). It does

not recognize wild cards or suffix matching. Matches are case-insensitive. The default test type is

.exact.

Note: url.host.exact= can be tested using hash techniques rather than string matches, and will

therefore have significantly better performance than other, string based, versions of the

url.host= tests. .

Since the host component of a request URL can be either an IP address or a domain name, a

conversion is sometimes necessary to allow a comparison.

❐If the expression uses a domain name and the host component of the request URL is an IP

address, then the IP address is converted to a domain name by doing a reverse DNS lookup.

❐If the expression uses an IP address and the host component of the request URL is a domain

name, then the domain name is converted to an IP address by doing a DNS lookup.

The .host component supports additional test modifiers:

❐.is_numeric—This is true if the URL host was specified as an IP address. For some types of

transactions (for example, transparent requests on a non-accelerated port), this condition will

always be true.

❐.no_name—This is true if no domain name can be found for the URL host. Specifically, it is

true if the URL host was specified as an IP address, and a reverse DNS lookup on this IP

address fails, either because it returns no name or a network error occurs.

•.path—Tests the path component of the request URL. By default, the pattern is tested as a prefix

of the complete path component of the requested URL, as well as any query component. The path

and query components of a URL consist of all text from the first forward slash (/) that follows the

host or port, to the end of the URL, not including any fragment identifier. The leading forward