While prefix-pattern filters are commonly used outside of any section, the Prefix section is provided to help differentiate these type of filters when domain-suffix and regular-expression filters are also used. The filters in a prefix section follow the pattern used in a CPL url= condition. For more information, see "url=" on page 137.
Prefix section headers have the following syntax. They are not case-sensitive.
[Prefix]
Note: In CPL, use [url] sections. [Prefix] sections are deprecated.
Domain-Suffix Sections
If the filter file includes domain-suffix filters, then those filter lines must be placed within a domain-suffix section. Domain-suffix filters can be used in place of certain regular expression filters and provide better performance than the equivalent regular-expression filters. Domain-suffix filters are intended to replace regular expression filters of the form: http://.*\.?domain/ and match all objects from the domain and its sub-domains. ProxySG supports a filter list containing many domain-suffix filters with minimal system overhead.
Domain-suffix section headers have the following syntax. They are not case-sensitive.
[Domain-Suffix]
Note: In CPL, use [url.domain] sections. [Domain-Suffix]sections are deprecated.
Regular-Expression Sections
Regular-expression filters are powerful but they are difficult to write correctly and have a performance penalty. The domain-suffix section is provided to improve performance when processing domain-suffix-style regular-expressions. The filters in a regular-expression section follow the pattern used in a CPL url.regex= condition. For more information, see "url=" on page 137.
Regular-expression section headers have the following syntax. They are not case-sensitive.
[Regular-Expression]
Note: In CPL, use [Rule] sections and url.regex= conditions. [url.regex] sections are supported in CPL and are equivalent to filter file [Regular-Expression]sections, but provide no performance advantage. [Regular-Expression]sections are deprecated.
Section Example
The following example shows a filter list containing all three types of sections. Filter lists that include domain-suffix filters must follow a structure that explicitly identifies the filter types.
[Prefix] http://www.confidential.com/ deny
[Domain-Suffix] http://company.com/ deny
[Regular-Expression] http://.*xyz.com/ deny
The above three filter lines all result in denial of service to a group of distinct URLs:
•The prefix filter http://www.confidential.com/ denies service to all URLs exactly matching the domain www.confidential.com and any path relative to the aforementioned domain, including the null path.
