Blue Coat Systems Proxy SG Manual De Usuario
Chapter 3: Condition Reference
139
include a filename extension, such as
http://example.com/
and
http://example.com/test
. To
test multiple extensions, use parentheses and a comma separator (see the Example section below).
•
regular_expression
—A Perl regular expression. The expression must be quoted if it contains
whitespace or any of the following:
& | ( ) < > { } ; ! . = " '
. For more information, refer
to Appendix E: “Using Regular Expressions,” in the Blue Coat ProxySG Configuration and
Management Guide.
Management Guide.
Objects with paths relative to the
prefix_pattern
and
domain_suffix_pattern
are also considered
a match (see the “Example” section).
The following are test modifiers:
•
.case_sensitive
—By default, all matching is case-insensitive; however, the matches on the path
and query portions can be made case-sensitive by using the form
url.case_sensitive=.
•
.domain
—Changes the way the match is performed on the host portion of the URL. The host
pattern is a
domain_suffix
pattern which either matches the hostname exactly, or matches a
suffix of the hostname on component boundaries. The host is converted to a domain name by
reverse DNS lookup if necessary. For example, the condition
reverse DNS lookup if necessary. For example, the condition
url.domain=//example.com
matches the request URL
http://www.example.com/
, but does not match the request URL
http://www.myexample.com/.
•
.exact
—Forces an exact string comparison on the full URL or component.
•
.no_lookup
—Depending on the form of the request’s host and the form of the pattern being
matched, a DNS or reverse DNS lookup is performed to convert the request’s host before the
comparison is made. This lookup can be suppressed by using the
comparison is made. This lookup can be suppressed by using the
.no_lookup=
form of the
condition. The
.no_lookup
modifier speeds up policy evaluation, but use of it may introduce
loopholes into your security policy that can be exploited by those who want to bypass your
security measures. DNS and reverse DNS lookups can be globally restricted by
security measures. DNS and reverse DNS lookups can be globally restricted by
restrict
definitions.
•
.prefix
—Test if the
string
pattern is a prefix of the URL or component.
•
.regex
—Test the URL or component against a
regular_expression
pattern.
When applied to the
url=
condition, the URL is treated as a literal string for the purposes of the
test.
When applied to the
url.host=
condition, if the URL host was specified as an IP address, the
behavior depends on whether or not the
no_lookup
modifier was specified. If
no_lookup
was
specified, then the condition is false. If
no_lookup
was not specified, then a reverse DNS lookup is
performed to convert the IP address to a domain name. If the reverse DNS lookup fails, then the
condition is false. This leads to the following edge conditions:
condition is false. This leads to the following edge conditions:
url.host.regex=!””
has the same
truth value as
url.host.no_name=yes,
and
url.host.regex.no_lookup=!””
has the same
truth value as
url.host.is_numeric=yes
.
When applied to the
url.host=
condition, this pattern match is always case-insensitive.
•
.substring
—Test if the
string
pattern is a substring of the URL or component. The substring
need not match on a boundary (such as a subdomain or path directory) within a component.