ProxySG Content Policy Language Guide

1start transaction ------------------------------

2CPL Evaluation Trace:

3

MATCH:

<Proxy>

4

trace.rules(all) trace.request(yes)

5

miss:

<Proxy>

6

url.domain=!//my_site.com/

7

miss:

url.address=!my_subnet

8

n/a :

<Proxy>

9

ftp.method=STOR

10<Proxy>

11MATCH: url.domain=//my_site.com/ action.foo(yes)

12connection: client_address=10.10.0.10 proxy_port=36895

13time: 2003-09-11 19:36:22 UTC

14GET http://www.my_site.com/home.html

15DNS lookup was unrestricted

16rewritten URL(s):

17cache_url/server_url/log_url=http://www.his_site.com/

18User-Agent: Mozilla 8.6 (Non-compatible)

19user: unauthenticated

20set header= (request)

21value='test'

22end transaction --------------------------------

Notes:

Lines 1 and 22 are delimiters indicating where the trace for this transaction starts and ends.

Line 2 introduces the rule evaluation part of the trace. A rule evaluation part is generated when trace.rules() is set to yes or all.

Lines 3 to 4 and 10 to 11 show rule matches, and are included when trace.rules() is set to either yes or all.

Lines 5 to 9 come only with trace.rules(all). That is, trace.rules(yes) shows only layers and rules that match. To include rules that do not match, use trace.rules(all).

Line 9 shows how a rule (containing an FTP specific condition) that is not applicable to this transaction (HTTP) is marked as n/a.

Lines 12 to 21 are generated as a result of trace.request(yes). Using trace.rules() without trace.request(yes) does not result in a trace.

Line 12 show client related information.

Line 13 shows the time the transaction was processed.

Line 14 is a summary of the request line.

Line 15 indicates that DNS lookup was attempted during evaluation, and was unrestricted. This line only appears if there is a DNS restriction and a DNS lookup was required for evaluation.

Lines 16 and 17 indicate that the request URL was rewritten, and show the effects.

Line 19 indicates that the user was not required to authenticate. If authentication had been required, the user identity would be displayed.

Lines 20 and 21 show the results of the header modification action.

278

Page 278
Image 278
Blue Coat Systems Proxy SG manual Match