Blue Coat Systems Time Clock Proxy SG 사용자 설명서
Chapter 3: Condition Reference
51
Unavailable Triggers
Some triggers can be unavailable in some transactions. If a trigger is unavailable, then any condition
containing that trigger is false, regardless of the pattern expression. For example, if the current
transaction is not authenticated (that is, the authenticate property was set to
containing that trigger is false, regardless of the pattern expression. For example, if the current
transaction is not authenticated (that is, the authenticate property was set to
no
), then the
user
trigger
is unavailable. This means that
user=kevin
and
user=!kevin
are both false.
A condition can be false either because the pattern does not match the trigger value, or because the
trigger is unavailable. Policy rule-tracing distinguishes these two cases, using
trigger is unavailable. Policy rule-tracing distinguishes these two cases, using
miss
for the former and
N/A
for the latter.
Layer Type Restrictions
Each trigger is restricted as to the types of layers in which it can be used. A direct use of a trigger in a
forbidden layer results in a compile-time error. Indirect use of a trigger in a forbidden layer (by way of
forbidden layer results in a compile-time error. Indirect use of a trigger in a forbidden layer (by way of
condition=
and a condition definition) also results in a compile time error.
Global Restrictions
To allow suppression of DNS and RDNS lookups from policy, the following restrictions are supported.
These restrictions have the effect of assuming a
These restrictions have the effect of assuming a
no_lookup
modifier for appropriate
url=
and
server_url
tests. The restrictions also apply to lookups performed by on-box content category
lookups. For more information on DNS and RDNS restrictions, see Chapter 6: "Definition Reference".
Condition Reference
The remainder of this chapter lists the conditions and their accepted values. It also provides tips as to
where each condition can be used and examples of how to use them.
where each condition can be used and examples of how to use them.
restrict dns
domain_list
end
Applies to all layers.
Applies to all
transactions.
transactions.
If the domain specified in a URL matches any of the
domain patterns specified in domain_list, no
DNS lookup is performed for any server_url=,
server_url.address=
domain patterns specified in domain_list, no
DNS lookup is performed for any server_url=,
server_url.address=
, server_url.domain=,
or server_url.host= test.
If a lookup is required to evaluate the trigger, the
trigger evaluates to false.
If a lookup is required to evaluate the trigger, the
trigger evaluates to false.
restrict rdns
subnet_list
end
Applies to all layers.
Applies to all
transactions.
transactions.
I
f the requested URL specifies the host in IP form, no
RDNS lookup is performed to match any
server_url=
server_url=
, server_url.domain=, or
server_url.host= trigger
.
If a lookup is required to evaluate the trigger, the
trigger evaluates to false.
trigger evaluates to false.