Chapter 1: Overview of Content Policy Language

policy that does not require the realm. Once all outstanding transactions that required reference to the realm have completed, the realm can be removed from configuration.

Substitutions

The actions used to rewrite the URL request or to modify HTTP request headers or HTTP response headers often need to reference the values of various elements of the transaction state when constructing the new URL or header value. CPL provides support for various substitutions, which will expand at runtime to the indicated transaction value. Substitutions have the form:

$(name)

For example, the substitution $(user) expands to the authenticated user name associated with the transaction. If policy did not require that user to authenticate, the substitution expands to an empty string.

Substitutions can also be used directly in the values specified to some CPL properties, such as when setting text in a message that will be displayed to users.

Substitutions are available for a variety of purposes. For a categorized list of the substitutions available, see Appendix D: "CPL Substitutions".

Writing Policy Using CPL

A policy file is the unit of integration used to assemble policy.

Policy written in CPL is stored in one of four files on the ProxySG. These files are the following:

VPM: This file is reserved for use by the Visual Policy Manager.

Local: When the VPM is not being used, the Local file will typically contain the majority of the policy rules for a system. When the VPM is being used, this file might be empty, it might include rules for advanced policy features that are not available in the VPM, or it might otherwise supplement VPM policy.

Central: This file is typically managed by Blue Coat, although you can have the ProxySG point to a custom Central policy file instead.

Forward: The Forward policy file is normally used for all Forward policy, although you can use it to supplement any policy created in the other three policy files. The Forward policy file will contain Advanced Forwarding rules when the system is upgraded from a previous version of SGOS (2.x) or CacheOS (4.x).

Each of the files may contain rules and definitions, but an empty file is also legal. (An empty file specifies no policy and has no effect on the ProxySG.)

Cross-file references are allowed, but definitions must be installed before the references to them, and references must be removed before the definitions they refer to are removed.

The final installed policy is assembled from the policy stored in the four files by concatenating their contents. The order of assembly of the VPM, Central and Local policy files is configurable. The recommended evaluation order is VPM, Local, Central. The Forward policy file is always last.
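The assembly-order and cross-file reference rules above can be checked against a change plan before anything is installed. The following Python sketch is an added example, not Blue Coat code: it models each policy file as a set of definition names and a set of referenced names (no CPL is parsed), and the definition name "partners" and all sample plans are constructed for illustration.

```python
# Added example: a model of the rules stated on this page, not ProxySG's own code.
FILES = ("VPM", "Local", "Central", "Forward")

def assembly_order(configured=("VPM", "Local", "Central")):
    """Return the evaluation order: three configurable files, Forward always last."""
    if sorted(configured) != sorted(FILES[:3]):
        raise ValueError("order must list VPM, Local and Central exactly once")
    return list(configured) + ["Forward"]

def first_dangling_step(plan, installed=None):
    """Return (step_index, file, missing_names) for the first install that would
    leave a reference with no installed definition, or None if the plan is safe.

    plan: list of (file, definitions, references); each step replaces that
    file's whole content. An empty file is legal: (file, set(), set()).
    installed: optional starting state, {file: (definitions, references)}.
    """
    state = {f: (set(), set()) for f in FILES}
    state.update(installed or {})
    for i, (name, defs, refs) in enumerate(plan):
        if name not in FILES:
            raise ValueError(f"unknown policy file: {name}")
        state[name] = (set(defs), set(refs))
        all_defs = set().union(*(d for d, _ in state.values()))
        all_refs = set().union(*(r for _, r in state.values()))
        missing = all_refs - all_defs
        if missing:
            return i, name, sorted(missing)
    return None

# Constructed sample: Local references a definition named "partners"
# (hypothetical name) that lives in Central.
BOTH_INSTALLED = {"Central": ({"partners"}, set()), "Local": (set(), {"partners"})}
ADD_BAD = [("Local", set(), {"partners"}), ("Central", {"partners"}, set())]
ADD_GOOD = [("Central", {"partners"}, set()), ("Local", set(), {"partners"})]
REMOVE_BAD = [("Central", set(), set()), ("Local", set(), set())]
REMOVE_GOOD = [("Local", set(), set()), ("Central", set(), set())]

if __name__ == "__main__":
    print(assembly_order())                                # recommended order
    print(first_dangling_step(ADD_BAD))                    # reference before definition
    print(first_dangling_step(REMOVE_BAD, BOTH_INSTALLED)) # definition removed first
```
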
