Blue Coat Systems Proxy SG Writing Policy Using CPL

Chapter 1: Overview of Content Policy Language

policy that does not require the realm. Once all outstanding transactions that required reference to the

realm have completed, the realm can be removed from configuration.

The actions used to rewrite the URL request or to modify HTTP request headers or HTTP response

headers often need to reference the values of various elements of the transaction state when

constructing the new URL or header value. CPL provides support for various substitutions, which will

expand at runtime to the indicated transaction value. Substitutions have the form:

$(name)

For example, the substitution $(user) expands to the authenticated user name associated with the

transaction. If policy did not require that user to authenticate, the substitution expands to an empty

string.

Substitutions can also be used directly in the values specified to some CPL properties, such as when

setting text in a message that will be displayed to users.

Substitutions are available for a variety of purposes. For a categorized list of the substitutions

available, see Appendix D: "CPL Substitutions".

Writing Policy Using CPL

A policy file is the unit of integration used to assemble policy.

Policy written in CPL is stored in one of four files on the ProxySG. These files are the following:

•VPM: This file is reserved for use by the Visual Policy Manager.

•Local: When the VPM is not being used, the Local file will typically contain the majority of the

policy rules for a system. When the VPM is being used, this file might be empty, it might include

rules for advanced policy features that are not available in the VPM, or it might otherwise

supplement VPM policy.

•Central: This file is typically managed by Blue Coat, although you can have the ProxySG point to a

custom Central policy file instead.

•Forward: The Forward policy file is normally used for all Forward policy, although you can use it

to supplement any policy created in the other three policy files. The Forward policy file will

contain Advanced Forwarding rules when the system is upgraded from a previous version of

SGOS (2.x) or CacheOS (4.x).

Each of the files may contain rules and definitions, but an empty file is also legal. (An empty file

specifies no policy and has no effect on the ProxySG.)

Cross file references are allowed but the definitions must be installed befo re the references, and

references must be rem oved before defini tions are removed.

The final installed policy is assembled from the policy stored in the four files by concatenating their

contents. The order of assembly of the VPM, Central and Local policy files is configurable. The

recommended evaluation order is VPM, Local, Central. The Forward policy file is always last.