Blue Coat Systems Proxy SG Appendix F: Upgrading from CacheOS

Appendix F: Upgrading from CacheOS

When upgrading from CacheOS version 4.x to the ProxySG, the default policy files are created as

follows:

• The CacheOS 4.x central filter file is copied to the ProxySG central policy file with no changes.

• The CacheOS 4.x local filter file is copied to the ProxySG local policy file with no changes.

• In addition, parts of the CacheOS 4.x security configuration are translated into CPL rules that are

placed into the Visual Policy Manager (VPM) policy file.

When downgrading from ProxySG to CacheOS 4.x, the system reverts to the most recent version of the

configuration that was in effect before you upgraded. This includes any filter files that were used

before the upgrade.

The Content Policy Language (CPL) is almost completely backward compatible with the filter file

language used in CacheOS version 4.x. This means that a CacheOS 4.x filter file can be used in the

place of a policy file, and it will work, with a few differences. This is known as backward-compatibility

mode. Before putting the ProxySG into production, decide whether to continue to use the copied

CacheOS 4.x filter files and run in backward-compatibility mode or convert your files to use standard

CPL syntax. This distinction is on a per-file basis; for example, your central file could use standard

CPL syntax while your local file remains a filter-style file.

Consider that the CPL compiler processes files in two different ways, depending on whether the file

has the structure and syntax of a CacheOS 4.x filter file or a standard policy file. For filter-style files,

the filter lines are rewritten into appropriate sections, then the statements and sections are evaluated in

a specific order that is not determined by their ordering within the file. The compiler is then operating

in backward-compatibility mode. For standard CPL-style policy files, layer ordering is important, with

later layers overriding earlier layers.

When using the copied CacheOS 4.x filter files in the place of standard policy files, consider the

following differences:

• The filter-file-specific version_control property is not supported.

• In CacheOS 4.x, filter patterns are case-sensitive unless case_insensitive=yes is specified.

When the CPL compiler in ProxySG processes the file, filter patterns are case-insensitive, unless

case_insensitive=no or case_sensitive=yes is specified.

• A CacheOS 4.x filter file containing a default_filter_properties statement in the middle of a

list of filters is be interpreted correctly by CPL. CacheOS 4.x only supported the use of

default_filter_properties at the beginning and end of the filter list.

• In CacheOS 4.x, a prefix or domain-suffix filter pattern with a missing URL scheme is interpreted

as an HTTP URL pattern. When processed by the CPL compiler, the same filter pattern matches a

URL with any URL scheme (HTTP, HTTPS, FTP, MMS, RTSP).

• In a CacheOS 4.x filter file, if there is more than one prefix or domain-suffix filter with the same

URL pattern, then all but the last filter is ignored, even if the filters have different ACL conditions.