Blue Coat Systems Time Clock Proxy SG Manuale Utente
ProxySG Content Policy Language Guide
22
With a few notable exceptions, triggers test one aspect of request, response, or associated state against
a boolean expression of values.
a boolean expression of values.
For the conditions in a rule, each of the triggers is logically anded together. In other words, the
condition is only true if each one of the trigger expressions is true.
condition is only true if each one of the trigger expressions is true.
Properties are settings that control transaction processing, such as deny, or the handling of the object,
such as cache(no), indicating that the object is not to be cached locally. At the beginning of a
transaction, all properties are set to their default values. As the policy is evaluated in sequence, rules
that match might set a property to a particular value. A property retains the final value setting when
evaluation ends, and the transaction is processed accordingly. Properties that are not set within the
policy maintain their default values.
such as cache(no), indicating that the object is not to be cached locally. At the beginning of a
transaction, all properties are set to their default values. As the policy is evaluated in sequence, rules
that match might set a property to a particular value. A property retains the final value setting when
evaluation ends, and the transaction is processed accordingly. Properties that are not set within the
policy maintain their default values.
The logical form of a policy rule could be expressed as:
if condition is true then set all listed properties as specified
The following is an example of a simple policy rule:
url.domain=example.com time=0900..1700 exception(policy_denied)
It states that the
exception( )
property is set to
policy_denied
if both of the following triggers test
true:
•
The request is made for a page from the domain
example.com
•
The request is made between 9 a.m. and 5 p.m.
Notes
•
CPL triggers have the form
trigger_name=pattern_expression
•
CPL properties have the form
property_name(setting),
except for a few imperative gestures
such as
allow
and
deny
.
•
The text in policy rules is case-insensitive, with a few exceptions identified in the following
chapters.
chapters.
•
Policy listings are normalized in several ways. First, condition and action definitions which may
appear anywhere in the source, will be grouped following the policy rules. Second, the order of
the conditions and properties on a rule may change, since the CPL compiler always puts a deny or
allow at the beginning of the rule, and orders conditions to optimize evaluation. Finally, several
phrases are synonyms for phrases that are preferred. In the output of
appear anywhere in the source, will be grouped following the policy rules. Second, the order of
the conditions and properties on a rule may change, since the CPL compiler always puts a deny or
allow at the beginning of the rule, and orders conditions to optimize evaluation. Finally, several
phrases are synonyms for phrases that are preferred. In the output of
show policy
, the preferred
form is listed instead of the synonym.
Four such synonyms are:
❐
exception(authorization_failed)
, which is a synonym for the preferred
deny.unauthorized
❐
force_exception(authorization_failed),
which is a synonym for the preferred
force_deny.unauthorized
❐
exception(policy_denied)
, which is a synonym for the preferred
deny
❐
exception(no)
, which is a synonym for the preferred
allow
.