Blue Coat Systems Proxy SG manual Proxy Layers, Layer Guards

Models: Proxy SG


ProxySG Content Policy Language Guide

<Proxy> Layers

<Proxy> layers define policy for authenticating and authorizing users' requests for service over one of the configured proxy service ports (refer to Chapter 6: "Managing Port Services" in the ProxySG Configuration and Management Guide). Proxy layer policy involves both client identity and content. Only proxy transactions are evaluated against <Proxy> layers.

The syntax is:

<Proxy [label]> [proxy_condition][proxy_properties] ...
proxy_content

where:

The <Proxy> layer defines the transactions evaluated against this policy, and restricts the triggers and properties allowed in the rules used in the layer.

The optional label, separated from the layer type by space, is a CPL User-defined Identifier.

The optional proxy_condition is a list of triggers, all of which must evaluate to true before the layer content is evaluated. For more information on using conditions, see Chapter 3: "Condition Reference". See also the following Layer Guards section.

The optional proxy_properties is a list of properties set if any of the rules in the layer match. These act as defaults, and can be overridden by property settings in specific rules in the layer. For more information on using properties, see Chapter 4: "Property Reference". See also the following Layer Guards section.

Layer Guards

Often, the same set of conditions or properties appears in every rule in a layer. For example, a specific user group may have a number of individual cases in which some things are denied:

<Proxy>
group=general_staff url.domain=competitor.com/jobs deny
group=general_staff url.host=bad_host deny
group=general_staff condition=whatever deny
; etc.
group=general_staff allow

You can factor out the common elements into guard expressions. Notice that the common elements are group=general_staff and deny. The following is the same policy, expressed as a layer employing a guard expression:

<Proxy> group=general_staff deny
url.domain=competitor.com/jobs
url.host=bad_host
condition=whatever
;etc.
allow

Note that the explicit allow overrides the deny specified in the layer guard. This is an instance of a rule-specific property setting overriding the default property settings specified in a guard expression.
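
When reviewing a layer that has been refactored to use a guard, it helps to expand the guard back onto each rule and compare the result with the original. The following Python sketch is an added example, not part of the Blue Coat guide or of any ProxySG tooling. It assumes one rule per line and models only what the two layers above use: trigger=value conditions, the allow and deny properties, and ; comments. The names split_terms, expand_layer and same_policy are hypothetical.

```python
VERDICTS = {"allow", "deny"}  # the only properties the page's example uses

def split_terms(text):
    """Split a guard or rule into (set of trigger=value tests, verdict)."""
    conditions, verdict = set(), None
    for term in text.split():
        if term in VERDICTS:
            verdict = term
        elif "=" in term:
            conditions.add(term)
        else:
            raise ValueError(f"term outside the modelled subset: {term!r}")
    return conditions, verdict

def expand_layer(source):
    """Return the guard-free rules equivalent to one <Proxy> layer."""
    # ';' starts a comment, as in the page's '; etc.' line.
    lines = [ln.split(";", 1)[0].strip() for ln in source.splitlines()]
    header, *body = [ln for ln in lines if ln]
    if not header.startswith("<Proxy"):
        raise ValueError("expected a <Proxy> layer header")
    guard_conds, guard_verdict = split_terms(header.partition(">")[2])
    rules = []
    for line in body:
        conds, verdict = split_terms(line)
        # Guard conditions are ANDed onto every rule. The guard verdict is
        # only a default: a verdict on the rule itself overrides it.
        rules.append((frozenset(guard_conds | conds), verdict or guard_verdict))
    return rules

def same_policy(layer_a, layer_b):
    """True when two layers expand to the same ordered rule list."""
    return expand_layer(layer_a) == expand_layer(layer_b)

# The two layers from the page, one rule per line.
UNGUARDED = """<Proxy>
group=general_staff url.domain=competitor.com/jobs deny
group=general_staff url.host=bad_host deny
group=general_staff condition=whatever deny
; etc.
group=general_staff allow
"""
GUARDED = """<Proxy> group=general_staff deny
url.domain=competitor.com/jobs
url.host=bad_host
condition=whatever
;etc.
allow
"""
```

same_policy(UNGUARDED, GUARDED) returns True. Removing the final allow line from the guarded layer makes the comparison fail, because the last rule of the original no longer has a counterpart.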
