Blue Coat Systems Proxy SG manual Appendix F Upgrading from CacheOS

Appendix F: Upgrading from CacheOS

When upgrading from CacheOS version 4.x to the ProxySG, the default policy files are created as follows:

•The CacheOS 4.x central filter file is copied to the ProxySG central policy file with no changes.

•The CacheOS 4.x local filter file is copied to the ProxySG local policy file with no changes.

•In addition, parts of the CacheOS 4.x security configuration are translated into CPL rules that are placed into the Visual Policy Manager (VPM) policy file.

When downgrading from ProxySG to CacheOS 4.x, the system reverts to the most recent version of the configuration that was in effect before you upgraded. This includes any filter files that were used before the upgrade.

Using Backward-Compatibility Mode

The Content Policy Language (CPL) is almost completely backward compatible with the filter file language used in CacheOS version 4.x. This means that a CacheOS 4.x filter file can be used in the place of a policy file, and it will work, with a few differences. This is known as backward-compatibility mode. Before putting the ProxySG into production, decide whether to continue to use the copied CacheOS 4.x filter files and run in backward-compatibility mode or convert your files to use standard CPL syntax. This distinction is on a per-file basis; for example, your central file could use standard CPL syntax while your local file remains a filter-style file.

Consider that the CPL compiler processes files in two different ways, depending on whether the file has the structure and syntax of a CacheOS 4.x filter file or a standard policy file. For filter-style files, the filter lines are rewritten into appropriate sections, then the statements and sections are evaluated in a specific order that is not determined by their ordering within the file. The compiler is then operating in backward-compatibility mode. For standard CPL-style policy files, layer ordering is important, with later layers overriding earlier layers.

When using the copied CacheOS 4.x filter files in the place of standard policy files, consider the following differences:

•The filter-file-specific version_control property is not supported.

•In CacheOS 4.x, filter patterns are case-sensitive unless case_insensitive=yes is specified. When the CPL compiler in ProxySG processes the file, filter patterns are case-insensitive, unless case_insensitive=no or case_sensitive=yes is specified.

•A CacheOS 4.x filter file containing a default_filter_properties statement in the middle of a list of filters is be interpreted correctly by CPL. CacheOS 4.x only supported the use of default_filter_properties at the beginning and end of the filter list.

•In CacheOS 4.x, a prefix or domain-suffix filter pattern with a missing URL scheme is interpreted as an HTTP URL pattern. When processed by the CPL compiler, the same filter pattern matches a URL with any URL scheme (HTTP, HTTPS, FTP, MMS, RTSP).

•In a CacheOS 4.x filter file, if there is more than one prefix or domain-suffix filter with the same URL pattern, then all but the last filter is ignored, even if the filters have different ACL conditions.