Blue Coat Systems Proxy SG Layers, Sections

ProxySG Content Policy Language Guide

Layers

A policy layer is a CPL construct used to evaluate a set of rules and reach one decision. Separating

decisions helps control policy complexity, and is done through writing each decision in a separate

layer. Each layer has the form:

<layer_type [label]> [layer_condition][layer_properties] ...

layer_content

where:

•The layer_type defines the transactions evaluated against this policy, and restricts the triggers

and properties allowed in the rules used in the layer. See the following Layer Types section.

•The optional label, separated from the layer type by space, is a CPL User-defined Identifier (see

section Chapter 2), basically an alphabetic character followed by alphanumeric or underscore

characters.

•The optional layer_condition is a list of triggers, all of which must evaluate to true before the

layer content is evaluated.

•The optional layer_properties is a list of properties that will become the default settings for

those properties for any rule matched in the layer. These can be overridden by explicitly setting a

different value for that property in a specific rule within the layer.

•The layer_content is a list of rules, possibly organized in sections. (see following). A layer must

contain at least one rule.

Collectively, the layer_condition and layer_properties are often referred to as a layer guard expression.

If a rule has the logical form “if (condition is true) then set properties”, a layer has the form:

if (layer_condition is true) then

{

if (rule1_condition is true) then

set layer_properties then set rule1 properties

else if (rule2_condition is true) then

set layer_properties then set rule2 properties

else if (rule3_condition is true) then

set layer_properties then set rule3 properties

...

}

Within a layer, the first rule that matches terminates evaluation of that layer.

Layers within a policy are evaluated from top to bottom, with rules in later layers taking precedence

over rules in earlier layers.

In CPL, all policy rules are written in a layer. A rule cannot appear in policy preceding any layer

header.

Sections

The rules in layers can optionally be organized in one or more sections, which is a way of grouping

rules together. A section consists of a section header followed by a list of rules.

A section has the form: