ProxySG Content Policy Language Guide
With a few notable exceptions, triggers test one aspect of the request, the response, or associated state against a boolean expression of values.
For the conditions in a rule, the triggers are logically ANDed together. In other words, the condition is true only if every one of the trigger expressions is true.
Properties are settings that control transaction processing, such as deny, or the handling of the object, such as cache(no), indicating that the object is not to be cached locally. At the beginning of a transaction, all properties are set to their default values. As the policy is evaluated in sequence, rules that match might set a property to a particular value. A property retains the final value setting when evaluation ends, and the transaction is processed accordingly. Properties that are not set within the policy maintain their default values.
The logical form of a policy rule could be expressed as:
if condition is true then set all listed properties as specified
The following is an example of a simple policy rule:
url.domain=example.com time=0900..1700 exception(policy_denied)
It states that the exception( ) property is set to policy_denied if both of the following triggers test true:
• The request is made for a page from the domain example.com
• The request is made between 9 a.m. and 5 p.m.
Notes
• CPL triggers have the form trigger_name=pattern_expression
• CPL properties have the form property_name(setting), except for a few imperative gestures such as allow and deny.
• The text in policy rules is
• Policy listings are normalized in several ways. First, condition and action definitions, which may appear anywhere in the source, are grouped following the policy rules. Second, the order of the conditions and properties on a rule may change, since the CPL compiler always puts a deny or allow at the beginning of the rule, and orders conditions to optimize evaluation. Finally, several phrases are synonyms for phrases that are preferred. In the output of show policy, the preferred form is listed instead of the synonym.
Four such synonyms are:
❐ exception(authorization_failed), which is a synonym for the preferred deny.unauthorized
❐ force_exception(authorization_failed), which is a synonym for the preferred force_deny.unauthorized
❐ exception(policy_denied), which is a synonym for the preferred deny
❐ exception(no), which is a synonym for the preferred allow.
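The rule semantics and listing normalization described above can be modelled in a few lines of Python. This is an added example, not the ProxySG's own implementation: it shows triggers being ANDed, properties keeping their final value, and synonyms being rewritten to the preferred form with deny or allow moved to the front. The transaction fields host and time, the default values, the matching logic for url.domain and time, and evaluation as a single sequence without layers are assumptions of the model.

```python
import re

# Synonym -> preferred form: the four pairs listed in the guide.
PREFERRED = {
    "exception(authorization_failed)": "deny.unauthorized",
    "force_exception(authorization_failed)": "force_deny.unauthorized",
    "exception(policy_denied)": "deny",
    "exception(no)": "allow",
}
SYNONYM = {v: k for k, v in PREFERRED.items()}
# Assumed defaults for this model only.
DEFAULTS = {"exception": "no", "cache": "yes"}

def parse(rule):
    """Split a rule into triggers {name: pattern} and property/gesture tokens."""
    triggers, gestures = {}, []
    for tok in rule.split():
        if "=" in tok:                      # trigger_name=pattern_expression
            name, pattern = tok.split("=", 1)
            triggers[name] = pattern
        else:                               # property_name(setting), allow, deny
            gestures.append(tok)
    return triggers, gestures

def normalize(rule):
    """Listing form: synonyms replaced, deny/allow placed first."""
    triggers, gestures = parse(rule)
    gestures = [PREFERRED.get(g, g) for g in gestures]
    lead = [g for g in gestures if g in ("deny", "allow")]
    rest = [g for g in gestures if g not in ("deny", "allow")]
    return " ".join(lead + [f"{k}={v}" for k, v in triggers.items()] + rest)

def trigger_true(name, pattern, txn):
    if name == "url.domain":   # assumed: the host itself or any subdomain
        return txn["host"] == pattern or txn["host"].endswith("." + pattern)
    if name == "time":         # assumed: inclusive HHMM..HHMM range
        lo, hi = pattern.split("..")
        return int(lo) <= txn["time"] <= int(hi)
    raise ValueError(f"trigger not modelled: {name}")

def evaluate(rules, txn):
    props = dict(DEFAULTS)     # every property starts at its default
    for rule in rules:         # rules are evaluated in sequence
        triggers, gestures = parse(rule)
        if all(trigger_true(n, p, txn) for n, p in triggers.items()):
            for g in gestures:  # a later matching rule overwrites earlier values
                name, setting = re.fullmatch(r"([\w.]+)\((\w+)\)", SYNONYM.get(g, g)).groups()
                props[name] = setting
    return props
```
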