Chapter 3: Condition Reference
Unavailable Triggers
Some triggers can be unavailable in some transactions. If a trigger is unavailable, then any condition
containing that trigger is false, regardless of the pattern expression. For example, if the current
transaction is not authenticated (that is, the authenticate property was set to no), then the user trigger
is unavailable. This means that user=kevin and user=!kevin are both false.
A condition can be false either because the pattern does not match the trigger value, or because the
trigger is unavailable. Policy rule-tracing distinguishes these two cases, using miss for the former and
N/A for the latter.
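
The following is an added example, not code from the product or its documentation. It models the rule above in Python to show why user=kevin and user=!kevin are both false for an unauthenticated transaction, and how the miss and N/A trace outcomes differ. The function names, the sample transactions, and the exact-string pattern match are assumptions made for illustration.

```python
# Added illustration, not the policy engine's code. Simplified model: a trigger
# is "unavailable" when the transaction has no value for it, and patterns are
# compared by exact string equality (an assumption made for brevity).
MATCH, MISS, NA = "match", "miss", "N/A"   # "miss" and "N/A" as in rule tracing


def evaluate(transaction, condition):
    """Evaluate one 'trigger=pattern' condition; a leading '!' negates the pattern."""
    trigger, _, pattern = condition.partition("=")
    if trigger not in transaction:
        return NA                      # unavailable: false whatever the pattern says
    negated = pattern.startswith("!")
    wanted = pattern[1:] if negated else pattern
    hit = (transaction[trigger] == wanted) != negated
    return MATCH if hit else MISS


def is_true(outcome):
    """miss and N/A both make the condition false; only the trace differs."""
    return outcome == MATCH


def trace(transaction, conditions):
    """Return {condition: outcome} so miss and N/A can be told apart."""
    return {c: evaluate(transaction, c) for c in conditions}


def uncovered(transactions, conditions):
    """Names of transactions for which none of the conditions is true.

    Useful when reviewing a pair such as user=kevin / user=!kevin that looks
    exhaustive but is not once the trigger can be unavailable.
    """
    return [name for name, tx in transactions.items()
            if not any(is_true(evaluate(tx, c)) for c in conditions)]


# Constructed sample transactions; the last one is unauthenticated, so it
# carries no user value at all.
SAMPLES = {
    "kevin-session": {"user": "kevin"},
    "alice-session": {"user": "alice"},
    "unauthenticated": {},
}
PAIR = ["user=kevin", "user=!kevin"]

if __name__ == "__main__":
    for name, tx in SAMPLES.items():
        print(name, trace(tx, PAIR))
    print("matched by neither condition:", uncovered(SAMPLES, PAIR))
```

In this model a rule conditioned on user=!kevin does not apply to the unauthenticated transaction, and the trace reports N/A rather than miss for it.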

Layer Type Restrictions

Each trigger is restricted as to the types of layers in which it can be used. A direct use of a trigger in a
forbidden layer results in a compile-time error. Indirect use of a trigger in a forbidden layer (by way of
condition= and a condition definition) also results in a compile-time error.

Global Restrictions

To allow suppression of DNS and RDNS lookups from policy, the following restrictions are supported.
These restrictions have the effect of assuming a no_lookup modifier for appropriate url= and
server_url tests. The restrictions also apply to lookups performed during on-box content category
lookups. For more information on DNS and RDNS restrictions, see Chapter 6: "Definition Reference".

restrict dns
  domain_list
end

Applies to all layers. Applies to all transactions.
If the domain specified in a URL matches any of the domain patterns specified in domain_list, no
DNS lookup is performed for any server_url=, server_url.address=, server_url.domain=, or
server_url.host= test. If a lookup is required to evaluate the trigger, the trigger evaluates to false.

restrict rdns
  subnet_list
end

Applies to all layers. Applies to all transactions.
If the requested URL specifies the host in IP form, no RDNS lookup is performed to match any
server_url=, server_url.domain=, or server_url.host= trigger. If a lookup is required to evaluate
the trigger, the trigger evaluates to false.

Condition Reference

The remainder of this chapter lists the conditions and their accepted values. It also provides tips as to
where each condition can be used and examples of how to use them.