Blue Coat Systems Time Clock Proxy SG Manuel D’Utilisation
ProxySG Content Policy Language Guide
174
deny( )
Denies service.
Denial can be overridden by
allow
or
exception(
)
. To deny service in a way that cannot be
overridden by a subsequent
allow
, use
force_deny( )
or
force_exception( )
.
The relation between
authenticate( )
and
deny( )
is controlled by the
authenticate.force( )
property. By default,
deny( )
overrides
authenticate( )
. Recall that this means that a transaction
can be denied before authentication occurs, resulting in no user indentification available for logging.
Similarly, the relation between socks.authenticate( ) and deny( ) is controlled by the
socks.authenticate.force( )
socks.authenticate.force( )
property. By default, deny( ) overrides
socks.authenticate( )
.
Replaces:
service(no)
Syntax
deny
deny(details)
where
details
is a string defining a message to be displayed to the user. The details string may
contain CPL substitution variables.
Discussion
The
deny(details)
property is equivalent to
exception(policy_denied, details)
. The identity
of an exception being returned can be tested in an
<Exception>
layer using
exception.id=
.
For HTTP, a
policy_denied
exception results in a 403 Forbidden response. This is appropriate when
the denial does not depend on the user identity. When the denial does depend on user identity, use
deny.
deny.
unauthorized( )
instead to give the user an opportunity to retry the request with different
credentials.
Layer and Transaction Notes
•
Use in
<Cache>
,
<Proxy>
, and
<Admin>
layers. In
<Forward>
layers, use "access_server( )" on
•
Applies to all transactions.
Example
deny url.address=10.25.100.100
See Also
•
Condition:
exception.id=
•
Properties:
allow, authenticate.force( )
,
deny.unauthorized( )
,
force_deny( )
,
never_refresh_before_expiry( )
,
never_serve_after_expiry( )
,
remove_IMS_from_GET(
)
,
remove_PNC_from_GET( )
,
remove_reload_from_IE_GET( )
,
request.filter_service( )
,
socks.authenticate( )
,
socks.authenticate.force( )