Blue Coat Systems Time Clock Proxy SG Manuale Utente

Chapter 3: Condition Reference

117

request.header.header_name.address=

Tests if the specified request header can be parsed as an IP address; otherwise, false. If parsing 
succeeds, then the IP address extracted from the header is tested against the specified IP address. The 
expression can include an IP address or subnet, or the label of a subnet definition block. The header 
must be a common HTTP header. This condition is commonly used with the 

X-Forwarded-For 

and

 

Client-IP

 headers. For other, custom headers, use 

request.x_header.header_name.address=

. 

Replaces: 

request_header_address.header_name=

request.header.header_name.address=ip_address|subnet|subnet_label 

where:

•

—A recognized HTTP header. For a complete list of recognized headers, see 

•

—IP address; for example, 

10.1.198.46.

•

—A subnet mask; for example, 

10.1.198.0/24

.

•

—Label of a subnet definition block that binds a number of IP addresses or subnets.

•

Use  in 

<Cache>

 and 

<Proxy>

 layers.

; In this example, we assume that there is a downstream ProxySG that

; identifies client traffic by putting the client’s IP address in a request

; header.

; Here we’ll deny access to some clients, based on the header value.

<proxy>

; Netscape’s convention is to use the Client-IP header

deny request.header.Client-IP.address=10.1.198.0/24 ; the subnet

; Blue Coat’s convention is to use the extended header:

deny request.header.X-Forwarded-For.address=10.1.198.12

•

Actions: 

append( )

, 

delete( )

, 

delete_matching( )

, 

rewrite( )

, 

set( ) 

•

Conditions: 

request.header.header_name=, response.header.header_name=, 

response.x_header.header_name=

•

Definitions: 

define subnet