Chapter 3: Condition Reference
Unavailable Triggers
Some triggers can be unavailable in some transactions. If a trigger is unavailable, then any condition containing that trigger is false, regardless of the pattern expression. For example, if the current transaction is not authenticated (that is, the authenticate property was set to no), then the user trigger is unavailable. This means that user=kevin and user=!kevin are both false.
A condition can be false either because the pattern does not match the trigger value, or because the trigger is unavailable. Policy
Layer Type Restrictions
Each trigger is restricted as to the types of layers in which it can be used. A direct use of a trigger in a forbidden layer results in a
Global Restrictions
To allow suppression of DNS and RDNS lookups from policy, the following restrictions are supported. These restrictions have the effect of assuming a no_lookup modifier for appropriate url= and server_url tests. The restrictions also apply to lookups performed by
restrict dns Applies to all layers. Applies to all
domain_listtransactions. end
restrict rdns Applies to all layers. Applies to all
subnet_listtransactions. end
If the domain specified in a URL matches any of the domain patterns specified in domain_list, no DNS lookup is performed for any server_url=, server_url.address=, server_url.domain=, or server_url.host= test.
If a lookup is required to evaluate the trigger, the trigger evaluates to false.
If the requested URL specifies the host in IP form, no RDNS lookup is performed to match any server_url=, server_url.domain=, or server_url.host= trigger.
If a lookup is required to evaluate the trigger, the trigger evaluates to false.
Condition Reference
The remainder of this chapter lists the conditions and their accepted values. It also provides tips as to where each condition can be used and examples of how to use them.
51
