Blue Coat Systems Time Clock Proxy SG Manuale Utente

Chapter 3: Condition Reference

111

proxy.port=

Tests if the IP port used by a request is within the specified range or an exact match.The numeric 
pattern used to test the 

proxy.port=

 condition can contain no whitespace.

If the transaction was explicitly proxied, then this tests the IP port that the client used to reach the 
proxy. The pattern is a number between 1 and 65535 or a numeric range.

If the transaction was transparently proxied, however, then 

proxy.port=

 tests which port the client 

thinks it is connecting to on the upstream proxy device or origin server. If the client thinks it is 
connecting directly to the origin server, but is transparently proxied, and if the port number specified 
by the client in the request URL is not inconsistent or falsified, then 

proxy.port=

 and 

server_url.port=

 are testing the same value.

Since the ProxySG default configuration passes through tunneled traffic, some changes must 
be made to begin transparent port monitoring. Only proxy ports that have been configured 
and enabled can be tested using the 

proxy.port=

 condition. For example, if the transparent 

FTP service, on port 21, is either not configured or not enabled, a policy rule that includes

 

proxy.port=21

 has no effect.

Replaces: 

proxy_port=

proxy.port={[low_port_number]..[high_port_number]|exact_port_number}

where:

•

—A port number at the low end of the range to be tested. Can be a number 

between 1 and 65535.

•

—A port number at the high end of the range to be tested. Can be a number 

between 1 and 65535.

•

—A single port number; for example, 80. Can be a number between 1 and 

65535.

•

Use  in 

<Admin>

, 

<Proxy>

, and 

<Forward>

 layers.

•

Applies to proxy transactions.

; Deny URL through the default proxy port.

<proxy>

url=http://www.example.com proxy.port=8080 deny

•

Conditions: 

client.address=

, 

client.protocol=

, 

proxy.address=

, 

proxy.card=

, 

proxy.port=

, 

server_url.port=