ProxySG Content Policy Language Guide
Named Definitions
There are various types of named definitions. Each definition is given a user-defined name that is then used in rules to refer to the definition. This section highlights a few of the definition types, as an overview of the topic. Refer to the Definitions reference chapter for more details.
Subnet Definitions
Subnet definitions are used to define a list of IP addresses or IP subnet masks that can be used to test any of the IP addresses associated with the transaction, for example, the client’s address or the request’s destination address.
Condition Definitions
Condition definitions can include any triggers that are legal in the layer referencing the condition. The condition= trigger is the exception to the rule that triggers can test only one aspect of a transaction. Since condition definitions can include other triggers, condition= triggers can test multiple parts of the transaction state. Also, condition definitions allow for arbitrary Boolean combinations of trigger expressions.
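The following sketch is an added example, not taken from the original guide, showing a subnet definition and a condition definition referenced together from one rule. The names branch_clients and risky_download, the addresses, and the domains are constructed for illustration.

```cpl
; Constructed example: definition names, addresses and domains are illustrative.

; Named list of addresses/subnets, tested with an address trigger.
define subnet branch_clients
  10.20.0.0/16
  192.168.5.0/24
end

; Each line is one expression. Triggers on the same line are ANDed;
; the condition matches if any one line matches (lines are ORed).
define condition risky_download
  url.domain=example.com url.extension=(exe,zip)
  url.domain=example.net
end

<Proxy>
  ; One rule tests the client address and, through condition=,
  ; several aspects of the request URL at once.
  client.address=branch_clients condition=risky_download deny
```

Because the rule refers to both definitions by name, changing the address list or the URL tests later means editing only the definition blocks, which keeps a deny rule like this one easy to review.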
Category Definitions
Category definitions are used to extend vendor content categories or to create your own. These categories are tested (along with any vendor-defined categories) using the category= trigger.
Action Definitions
An action takes arguments and is wrapped in a named action definition block. Actions are turned on or off for a transaction through setting the action( ) property. The action property has syntax that allows for individual actions to be turned on and off independently. When the action definition is turned on, any actions it contains operate on their respective arguments.
Transformer Definitions
A transformer definition is a kind of named definition that specifies a transformation that is to be applied to an HTTP response. There are three types: url_rewrite definitions, active_content definitions, and javascript definitions.
Anonymous Definitions
Two types of anonymous definitions modify policy evaluation, but are not referenced by any rules. These definitions serve to restrict DNS and
Referential Integrity
Policy references many objects defined in system configuration, such as authentication realms, forward hosts, SOCKS gateways, and the like. CPL enforces the integrity of those references by ensuring that the entities named in policy exist and have appropriate characteristics at the time the policy is compiled. During runtime, any attempts to remove a configured object that is referenced by currently active policy will fail.
To remove a configured entity, such as a realm, that is referenced by policy, new policy must be installed with all references to that realm removed. New transactions will open against a version of