ProxySG Content Policy Language Guide

define condition

Binds a user-defined label to a set of conditions for use in a condition= expression.

For condition definitions, the manner in which the condition expressions are listed is significant. Multiple condition expressions on one line, separated by whitespace, are considered to have a Boolean AND relationship. However, the lines of condition expressions are considered to have a Boolean OR relationship.

Performance-optimized condition definitions are available for testing large numbers of URLs. See define url condition, define url.domain condition, and define server_url.domain condition.

Syntax

define condition label

condition_expression ...

...

end [condition label]

where:

label—A user-defined identifier for a condition definition. Used to call the definition from an action.action_label( ) property.

condition_expression—Any of the conditions available in a rule. The layer and timing restrictions for the defined condition depend on the layer and timing restrictions of the contained expressions.

The condition= condition is one of the expressions that can be included in the body of a define condition definition block. In this way, one condition definition block can call another condition-related definition block, so that they are in effect nested. Circular references generate a compile error.

Layer and Transaction Notes

The layers that can reference a condition definition are the layers common to all the condition statements in the block.

A condition can be evaluated for any transaction. The condition evaluates to true if all the condition expressions on any line of the condition definition apply to that transaction and evaluate to true. Condition expressions that do not apply to the transaction evaluate to false.
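
The evaluation rules above (AND within a line, OR across lines, non-applicable expressions evaluate to false, circular references rejected) written as a small Python model. This is an added example, not Blue Coat code and not CPL itself; the labels, the sample policy, the function names parse, check_references and evaluate, and exact-string matching of name=value expressions are assumptions made for illustration.

```python
# Simplified model of "define condition" semantics (illustration, not ProxySG code).
# Assumption: every expression is name=value and matches by exact string equality.

SAMPLE_POLICY = """\
define condition low_risk_type
  url.extension=gif
  url.extension=txt url.domain=static.example.com
end
define condition skip_scan
  condition=low_risk_type client.address=10.0.0.5
end condition skip_scan
"""  # constructed sample, not taken from the guide

def parse(text):
    """Return {label: [[(name, value), ...], ...]} with one inner list per line."""
    defs, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["define", "condition"]:
            current = defs.setdefault(words[2], [])
        elif words[0] == "end":
            current = None
        elif current is not None:
            current.append([tuple(w.split("=", 1)) for w in words])
    return defs

def check_references(defs):
    """Reject undefined labels and circular condition= references before evaluation."""
    def visit(label, path):
        if label in path:
            raise ValueError("circular reference: " + " -> ".join(path + [label]))
        if label not in defs:
            raise ValueError("undefined condition: " + label)
        for line in defs[label]:
            for name, value in line:
                if name == "condition":
                    visit(value, path + [label])
    for label in defs:
        visit(label, [])

def evaluate(defs, label, txn):
    """True if all expressions on any one line are true (AND per line, OR across lines)."""
    def expr(name, value):
        if name == "condition":
            return evaluate(defs, value, txn)  # nested definition
        # An expression that does not apply to the transaction (key absent) is false.
        return name in txn and txn[name] == value
    return any(all(expr(n, v) for n, v in line) for line in defs[label])
```

Run check_references on the parsed definitions before calling evaluate, since evaluate assumes the reference graph has no cycles.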

Example

This example illustrates a simple virus scanning policy designed to prevent some traffic from going to the scanner. Some file types are assumed to be at low risk of infection (some virus scanners will not scan certain file types), and some are assumed to have already been scanned when they were loaded on the company’s servers.

Note: The following policy is not a security recommendation, but an illustration of a technique. If you choose to selectively direct traffic to your virus scanner, you should make your own security risk assessments based on current information and knowledge of your virus scanning vendor’s capabilities.
