ProxySG Content Policy Language Guide

restrict rdns

This definition restricts reverse DNS lookups and is useful in installations where access to reverse DNS resolution is limited or problematic. The definition has no name. It is global to policy evaluation and is not directly referenced by any rules.

If the requested URL specifies the host in IP form, no reverse DNS lookup is performed to match any category=, url=, url.domain=, or url.host= condition.

The special token all matches all subnets, and therefore can be used to restrict all policy-based reverse DNS lookups.

If a lookup is required to evaluate the trigger, the trigger evaluates to false.

A restrict rdns definition may appear multiple times in policy. The compiler attempts to coalesce these definitions, and may emit various errors or warnings while coalescing if the definition is contradictory or redundant.

Syntax

restrict rdns restricted_subnet_list
except exempted_subnet_list
end

where

restricted_subnet_list—Subnets for which reverse DNS lookup is restricted.

exempted_subnet_list—Subnets exempt from the reverse DNS restriction. Policy is able to use reverse DNS lookups when evaluating policy related to these subnets.

Layer and Transaction Notes

Applies to all layers and transactions.

Example

The following definition restricts reverse DNS resolution for all but the 10.10.100.0/24 subnet:

restrict rdns all
except 10.10.100.0/24
end
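
The lookup decision described in this section can be modeled in Python to see which conditions go false. This is an added illustration, not ProxySG code or part of the original guide: the function names, the constructed PTR table, and the rule that an exempted subnet overrides a restricted one are assumptions of the model, and all is modeled for IPv4 only.

```python
import ipaddress

ALL = ipaddress.ip_network("0.0.0.0/0")  # model of the "all" token (IPv4 only)

def parse_restrict_rdns(text):
    """Parse one 'restrict rdns ... [except ...] end' definition."""
    tokens = text.split()
    if tokens[:2] != ["restrict", "rdns"] or tokens[-1] != "end":
        raise ValueError("not a restrict rdns definition")
    restricted, exempted = [], []
    target = restricted
    for tok in tokens[2:-1]:
        if tok == "except":
            target = exempted          # following subnets are exemptions
        else:
            target.append(ALL if tok == "all" else ipaddress.ip_network(tok))
    return restricted, exempted

def rdns_allowed(ip, restricted, exempted):
    """True if policy may perform a reverse lookup for this address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in exempted):   # assumption: exemption wins
        return True
    return not any(addr in net for net in restricted)

def url_domain_matches(url_host, domain, restricted, exempted, ptr_records):
    """Model of a url.domain= test; ptr_records stands in for reverse DNS."""
    try:
        ipaddress.ip_address(url_host)
    except ValueError:
        name = url_host                # host given by name: no lookup needed
    else:
        if not rdns_allowed(url_host, restricted, exempted):
            return False               # lookup required but restricted
        name = ptr_records.get(url_host)
        if name is None:
            return False               # no PTR record to compare against
    return name == domain or name.endswith("." + domain)

# The definition from the example above, plus constructed PTR data.
DEFINITION = "restrict rdns all\nexcept 10.10.100.0/24\nend"
PTR = {"10.10.100.5": "intranet.example.com", "192.0.2.10": "files.example.com"}
RESTRICTED, EXEMPTED = parse_restrict_rdns(DEFINITION)

if __name__ == "__main__":
    for host in ("10.10.100.5", "192.0.2.10", "files.example.com"):
        hit = url_domain_matches(host, "example.com", RESTRICTED, EXEMPTED, PTR)
        print(f"url.domain=example.com for host {host}: {hit}")
```

The 192.0.2.10 case is the one to check during policy review: under this definition a url.domain= rule never matches an IP-form URL outside 10.10.100.0/24, so it cannot be relied on alone for such requests.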

See Also

Conditions: category=, url=, server_url=

Definitions: restrict dns

Blue Coat Systems Proxy SG manual Restrict rdns