Blue Coat Systems Time Clock Proxy SG Manuale Utente
ProxySG Content Policy Language Guide
252
define condition
Binds a user-defined label to a set of conditions for use in a
condition=
expression.
For condition definitions, the manner in which the condition expressions are listed is significant.
Multiple condition expressions on one line, separated by whitespace, are considered to have a Boolean
AND relationship. However, the lines of condition expressions are considered to have a Boolean OR
relationship.
Multiple condition expressions on one line, separated by whitespace, are considered to have a Boolean
AND relationship. However, the lines of condition expressions are considered to have a Boolean OR
relationship.
Performance optimized condition definitions are available for testing large numbers of URLs. See
define url condition
,
define url.domain condition
, and
define server_url.domain
condition
.
Syntax
define condition label
condition_expression ...
...
end [condition labe]
where:
•
label
—A user-defined identifier for a condition definition. Used to call the definition from an
action.action_label( )
property.
•
condition_expression
—Any of the conditions available in a rule. The layer and timing
restrictions for the defined condition depend on the layer and timing restrictions of the contained
expressions.
expressions.
The
condition=condition
is one of the expressions that can be included in the body of a define
condition
definition block. In this way, one condition definition block can call another
condition-related definition block, so that they are in effect nested. Circular references generate a
compile error.
compile error.
Layer and Transaction Notes
The layers that can reference a condition definition are the layers common to all the condition
statements in the block.
statements in the block.
A condition can be evaluated for any transaction. The condition evaluates to true if all the condition
expressions on any line of the condition definition apply to that transaction and evaluate to true.
Condition expressions that do not apply to the transaction evaluate to false.
expressions on any line of the condition definition apply to that transaction and evaluate to true.
Condition expressions that do not apply to the transaction evaluate to false.
Example
This example illustrates a simple virus scanning policy designed to prevent some traffic from going to
the scanner. Some file types are assumed to be at low risk of infection (some virus scanners will not
scan certain file types), and some are assumed to have already been scanned when they were loaded
on the company’s servers.
the scanner. Some file types are assumed to be at low risk of infection (some virus scanners will not
scan certain file types), and some are assumed to have already been scanned when they were loaded
on the company’s servers.
Note:
The following policy is not a security recommendation, but an illustration of a technique. If
you choose to selectively direct traffic to your virus scanner, you should make your own
security risk assessments based on current information and knowledge of your virus scanning
vendor’s capabilities.
you choose to selectively direct traffic to your virus scanner, you should make your own
security risk assessments based on current information and knowledge of your virus scanning
vendor’s capabilities.