Appendix D: CPL Substitutions
293
Category: user
ELFF CPL Description
cs-auth-group group One group that an authenticated client is a
member of. The group selected is determined
by either a group.log_order definition in
policy or the order groups are referenced in
policy
cs-auth-groups groups Groups that an authenticated client is a
member of.
cs-auth-type Client-side: authentication type (such as
BASIC, NTLM, LDAP)
cs-realm realm Authentication realm that the user was
challenged in.
cs-userdn user Full username of a client authenticated to the
proxy (fully distinguished).
cs-username user.name Relative username of a client authenticated to
the proxy; for example, not fully
distinguished.
sc-auth-status Client-side: Authorization status.
x-cache-user Relative username of a client authenticated to
the proxy; for example, not fully
distinguished (same as cs-username).
x-cs-username-or-ip Used to identify the user using either their
authenticated proxy username or, if that is
unavailable, their IP address.
x-radius-splash-
session-id
Session ID made available through RADIUS
when configured for session management
x-radius-splash-
username Username made available through RADIUS
when configured for session management
x-user-x509-issuer user.x509.issuer If the user was authenticated through an
X.509 certificate, this is the issuer of the
certificate as an RFC2253 DN.
x-user-x509-serial-
number user.x509.serialNumber If the user was authenticated through an
X.509 certificate, this is the serial number
from the certificate as a hexadecimal number.
x-user-x509-subject user.x509.subject If the user was authenticated through an
X.509 certificate, this is the subject of the
certificate as an RFC2253 DN.
Category: ci_request_header
ELFF CPL Description
cs(Accept) request.header.Accept Request header: Accept
cs(Accept-Charset) request.header.Accept-
Charset Request header: Accept-Charset
cs(Accept-Encoding) request.header.Accept-
Encoding Request header: Accept-Encoding