Blue Coat Systems Time Clock Proxy SG Manuel D’Utilisation
Chapter 1: Overview of Content Policy Language
27
policy that does not require the realm. Once all outstanding transactions that required reference to the
realm have completed, the realm can be removed from configuration.
realm have completed, the realm can be removed from configuration.
Substitutions
The actions used to rewrite the URL request or to modify HTTP request headers or HTTP response
headers often need to reference the values of various elements of the transaction state when
constructing the new URL or header value. CPL provides support for various substitutions, which will
expand at runtime to the indicated transaction value. Substitutions have the form:
headers often need to reference the values of various elements of the transaction state when
constructing the new URL or header value. CPL provides support for various substitutions, which will
expand at runtime to the indicated transaction value. Substitutions have the form:
$(name)
For example, the substitution
$(user)
expands to the authenticated user name associated with the
transaction. If policy did not require that user to authenticate, the substitution expands to an empty
string.
string.
Substitutions can also be used directly in the values specified to some CPL properties, such as when
setting text in a message that will be displayed to users.
setting text in a message that will be displayed to users.
Substitutions are available for a variety of purposes. For a categorized list of the substitutions
available, see Appendix D: "CPL Substitutions".
available, see Appendix D: "CPL Substitutions".
Writing Policy Using CPL
A policy file is the unit of integration used to assemble policy.
Policy written in CPL is stored in one of four files on the ProxySG. These files are the following:
•
VPM: This file is reserved for use by the Visual Policy Manager.
•
Local: When the VPM is not being used, the Local file will typically contain the majority of the
policy rules for a system. When the VPM is being used, this file might be empty, it might include
rules for advanced policy features that are not available in the VPM, or it might otherwise
supplement VPM policy.
policy rules for a system. When the VPM is being used, this file might be empty, it might include
rules for advanced policy features that are not available in the VPM, or it might otherwise
supplement VPM policy.
•
Central: This file is typically managed by Blue Coat, although you can have the ProxySG point to a
custom Central policy file instead.
custom Central policy file instead.
•
Forward: The Forward policy file is normally used for all Forward policy, although you can use it
to supplement any policy created in the other three policy files. The Forward policy file will
contain Advanced Forwarding rules when the system is upgraded from a previous version of
SGOS (2.x) or CacheOS (4.x).
to supplement any policy created in the other three policy files. The Forward policy file will
contain Advanced Forwarding rules when the system is upgraded from a previous version of
SGOS (2.x) or CacheOS (4.x).
Each of the files may contain rules and definitions, but an empty file is also legal. (An empty file
specifies no policy and has no effect on the ProxySG.)
specifies no policy and has no effect on the ProxySG.)
Cross file references are allowed but the definitions must be installed before the references, and
references must be removed before definitions are removed.
references must be removed before definitions are removed.
The final installed policy is assembled from the policy stored in the four files by concatenating their
contents. The order of assembly of the VPM, Central and Local policy files is configurable. The
recommended evaluation order is VPM, Local, Central. The Forward policy file is always last.
contents. The order of assembly of the VPM, Central and Local policy files is configurable. The
recommended evaluation order is VPM, Local, Central. The Forward policy file is always last.