Blue Coat Systems Proxy SG request.filter

ProxySG Content Policy Language Guide

210

request.filter_service( )

Controls whether the request is processed by an external content filter service. The ProxySG currently

supports Websense Enterprise Server external content filtering.

Directing the request to an external content filter service does not affect policy based on categories

determined through an on-box vendor or CPL category definitions.

Categories determined by Websense Enterprise Server are not available to the category= condition,

although they appear in access logs. Effectively, all policy based on the Websense determined

categories must be implemented on the Websense server.

Note: This property might be overridden by the deprecated content_filter_override(yes)

property.

Replaces: content_filter_override(yes)

Syntax

request.filter_service(servicename[, fail_open|fail_closed])

request.filter_service(no)

The default values are no and fail_closed.

where:

•servicename—A configured external content filter service that supports request modification.

Currently only Websense Enterprise Server is supported. On upgrade, the service name

websense is automatically generated.

•fail_open—If servicename is unavailable, the request is processed and a response may be

delivered, subject to other policy.

•fail_closed—If the servicename is unavailable, the request is denied.

•no—Prevents the request from being sent from the ProxySG to the external content filter service.

Layer and Transaction Notes

•Use in <Cache> and <Proxy> layers.

• Applies to FTP and HTTP transactions.

Example

The following example directs requests to the Websense server, but allows processing to continue if

the service in unavailable:

<proxy>

request_filter_service(websense, fail_open)

The following policy establishes a general rule that all request are processed by the external filter

service named filter. It then specifies some exceptions to this general rule in a later layer:

<proxy> ; All request are content-filtered by default

request.filter_service( filter )

<proxy> request.filter_servce( no ) ; exceptions to content-filtering