Blue Coat Systems Proxy SG define condition

ProxySG Content Policy Language Guide

252

define condition

Binds a user-defined label to a set of conditions for use in a condition= expression.

For condition definitions, the manner in which the condition expressions are listed is significant.

Multiple condition expressions on one line, separated by whitespace, are considered to have a Boolean

AND relationship. However, the lines of condition expressions are considered to have a Boolean OR

relationship.

Performance optimized condition definitions are available for testing large numbers of URLs. See

define url condition, define url.domain condition, and define server_url.domain

condition.

Syntax

define condition label

condition_expression ...

...

end [condition labe]

where:

•label—A user-defined identifier for a condition definition. Used to call the definition from an

action.action_label( ) property.

•condition_expression—Any of the conditions available in a rule. The layer and timing

restrictions for the defined condition depend on the layer and timing restrictions of the contained

expressions.

The condition=condition is one of the expressions that can be included in the body of a define

condition definition block. In this way, one condition definition block can call another

condition-related definition block, so that they are in effect nested. Circular references gen erate a

compile error.

Layer and Transaction Notes

The layers that can reference a condition definition are the layers common to all the condition

statements in the block.

A condition can be evaluated for any transaction. The condition evaluates to true if all the condition

expressions on any line of the condition definition apply to that transaction and evaluate to true.

Condition expressions that do not apply to the transaction evaluate to false.

Example

This example illustrates a simple virus scanning policy designe d to prevent s ome traffic f rom going to

the scanner. Some file types are assumed to be at low risk of infection (some virus scanners will not

scan certain file types), and some are assumed to have already been scanned when they were loaded

on the company’s servers.

Note: The following policy is not a security recommendation, but an illustration of a technique. If

you choose to selectively direct traffic to your virus scanner, you should make your own

security risk assessments based on current information and knowledge of your virus scanning

vendor’s capabilities.