Summary of Contents of user manual for Blue Coat Systems Proxy SG. Blue Coat SystemsTM ProxySG Content Policy Language Guide Content Policy Language Guide. ProxySG Content Policy Language Guide Blue Coat Systems Inc. (408) 220-2200 Voice 650 Almanor Avenue (408) 220-2250 FAX Sunnyvale, California. Copyrights THIRD PARTY COPYRIGHT NOTICES Blue Coat Systems, Inc. Security Gateway Operating System (SGOS) version 3 utilizes third party.

1. Cpl Reference
2. Reference Guide Definition
3. Cpl Reference Ranges

ProxySG Content Policy Language Guide Redistribution and use of this software and associated documentation ('Software'), with or without modification, are. Copyrights A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY. ProxySG Content Policy Language Guide 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions.

Copyrights This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson. ProxySG Content Policy Language Guide documentation. Moscow Center for SPARC Technology makes no representations about the suitability of this software.

Preface: Introducing the Content Policy Language The Content Policy Language (CPL) is a powerful, flexible language that enables you to. ProxySG Content Policy Language Guide Table 2.1: Manual Organization (Continued) Appendix D – CPL Substitutions This appendix lists all substitution. Contents Preface: Introducing the Content Policy Language About the Document Organization.ix Supported Browsers.ix Related Blue Coat Documentation.x Document Conventions.x. ProxySG Content Policy Language Guide Layers. 39 Layers. 40 Layer Guards.

40 Timing. 41 Understanding Sections. Contents http.method=. 79 http.request.version=. 80 http.response.code=. 81 http.response.version=.

82 http.transparentauthentication=. 83 http.xmethod=. ProxySG Content Policy Language Guide serverurl=. 125 socks=. 128 socks.accelerated=. 129 socks.method=. 130 socks.version=.

131 streaming.client=. Contents forcecache( ). 180 forcedeny( ). 181 forceexception( ). 182 forcepatiencepage( ).

183 forward( ). ProxySG Content Policy Language Guide trace.request( ). 223 trace.rules( ). 224 ttl( ). 225 uasensitive( ).

Cpl Reference

Contents Appendix B: Testing and Troubleshooting Enabling Rule Tracing. 275 Enabling Request Tracing. 276 Using Trace Information. ProxySG Content Policy Language Guide xviii. Chapter 1: Overview of Content Policy Language The Content Policy Language (CPL) is a programming language with its own concepts. ProxySG Content Policy Language Guide This provides the ability to test various aspects of a request, such as the IP. Chapter 1: Overview of Content Policy Language For new ProxySG appliances, the default is to deny all requests.

ProxySG Content Policy Language Guide With a few notable exceptions, triggers test one aspect of request, response, or associated state. Chapter 1: Overview of Content Policy Language. More complex boolean expressions are allowed for the patternexpression in the.

ProxySG Content Policy Language Guide Layers A policy layer is a CPL construct used to evaluate a set of rules. Chapter 1: Overview of Content Policy Language sectiontype label sectionconditionsectionproperties sectioncontent where:. The sectiontype defines the syntax of. ProxySG Content Policy Language Guide Named Definitions There are various types of named definitions.

Each definition is given a user. Chapter 1: Overview of Content Policy Language policy that does not require the realm. Once all outstanding transactions that.

ProxySG Content Policy Language Guide Authentication and Denial One of the most important timing relationships to be aware of is. Chapter 1: Overview of Content Policy Language client.address=!corporatesubnet deny; filter out strangers socks.authenticate(MyRealm); this happens earlier. ProxySG Content Policy Language Guide Equal sign (=) serverurl.scheme=mms Used to indicate the value a condition is to test. Chapter 1: Overview of Content Policy Language Conditional Compilation Occasionally, you might be required to maintain policy that can. ProxySG Content Policy Language Guide 32. Chapter 2: Managing Content Policy Language As discussed in Chapter 1, Content Policy Language policies are composed of transactions that.

ProxySG Content Policy Language Guide Each of the protocol-specific proxy transactions has specific information that can be tested—information that may. Chapter 2: Managing Content Policy Language Table 2.1: When Policy is Evaluated (Continued) Windows Media HTTP Before the authentication.

ProxySG Content Policy Language Guide An HTTP cache transaction is examined in two stages:. Before the object is retrieved. Chapter 2: Managing Content Policy Language But policy cannot determine the value of the Content-type response header until the. ProxySG Content Policy Language Guide.

The optional adminproperties is a list of properties set if any of the rules. Chapter 2: Managing Content Policy Language Layers layers are evaluated when a proxy transaction is terminated. ProxySG Content Policy Language Guide Layers layers define policy for authenticating and authorizing users’ requests for service over. Chapter 2: Managing Content Policy Language Timing The “late guards early” timing errors that can occur within a rule. ProxySG Content Policy Language Guide url.domain=nbc.com/athletics deny; etc, suppose it's a substantial list url.regex='sports athletics' accessserver(no) url.regex='.mail.' . Chapter 2: Managing Content Policy Language.

Rules in Rule sections are evaluated sequentially, top to bottom. ProxySG Content Policy Language Guide. serverurl.domain sections are allowed only in or layers. Section Guards Just as.

Chapter 2: Managing Content Policy Language. Do not mix the CacheOS 4.x filter-file syntax with CPL syntax. ProxySG Content Policy Language Guide The following example is an exception defined within a layer.

A company wants access to. Chapter 2: Managing Content Policy Language evaluation order as currently configured. Changes to the policy file evaluation order must.

ProxySG Content Policy Language Guide Best Practices. Express separate decisions in separate layers.

As policy grows and becomes more. Chapter 3: Condition Reference A condition is an expression that yields true or false when evaluated. Conditions can appear in. ProxySG Content Policy Language Guide.

condition::= trigger '=' expression. trigger::= identifier identifier '.' . Chapter 3: Condition Reference Unavailable Triggers Some triggers can be unavailable in some transactions. If a trigger is unavailable.

ProxySG Content Policy Language Guide acl= Deprecated syntax. See 'client.address=' on page 60 for more information. 52.

Chapter 3: Condition Reference admin.access= Tests the administrative access requested by the current transaction. It evaluates to null if. ProxySG Content Policy Language Guide attribute.name= Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and. Chapter 3: Condition Reference authenticate(RADIUSRealm); This rule would restrict non-authorized users. Deny condition=!ProxyAllowed; This rule. ProxySG Content Policy Language Guide authenticated= True if authentication was requested and the credentials could be verified; otherwise, false. Chapter 3: Condition Reference bitrate= Tests if a streaming transaction requests bandwidth within the specified range or an exact.

ProxySG Content Policy Language Guide; Use this layer to override a deny in a previous layer; Grant. Chapter 3: Condition Reference category= Tests the content categories of the requested URL as assigned by policy definitions. ProxySG Content Policy Language Guide client.address= Tests the IP address of the client. The expression can include an IP address. Chapter 3: Condition Reference client.protocol= Tests true if the client transport protocol matches the specification. Replaces: clientprotocol= syntax client.protocol=http https ftp tcp socks mms rtsp icp aol-im msn-im yahoo-im.

ProxySG Content Policy Language Guide condition= Tests if the specified defined condition is true. Syntax condition=conditionlabel where conditionlabel is the. Chapter 3: Condition Reference time=0800.1000 month=1 hour=9.10 end condition=test deny; Example of a define. ProxySG Content Policy Language Guide consoleaccess= Tests if the current request is destined for the layer. This test can.

Chapter 3: Condition Reference contentadmin= The contentadmin= condition has been deprecated. For more information, see 'contentmanagement' on page 66. ProxySG Content Policy Language Guide contentmanagement Tests if the current request is a content management transaction. Replaces: contentadmin=yes no Syntax contentmanagement=yes no. Chapter 3: Condition Reference date.utc= Tests true if the current time is within the startdate.enddate range, inclusive.

The comparison. ProxySG Content Policy Language Guide day= Tests if the day of the month is in the specified range or an. Chapter 3: Condition Reference exception.id= Tests whether the exception being returned to the client is the specified exception. ProxySG Content Policy Language Guide; thrown by deny or forcedeny exception.id=policydenied action.loginterloper(yes) exception.id=userdefined.restrictedcontent; any policy required for.

Chapter 3: Condition Reference ftp.method= Tests FTP request methods against any of a well-known set of FTP methods. ProxySG Content Policy Language Guide group= Tests if the client is authenticated, and the client belongs to the specified group. Chapter 3: Condition Reference.

Applies to proxy and administrator transactions. This condition cannot be combined with the. ProxySG Content Policy Language Guide hasattribute.name= Tests if the current transaction is authenticated in an LDAP realm and if the. Chapter 3: Condition Reference See Also. Conditions: attribute.name=, authenticated=, group=, http.transparentauthentication=, realm=, user=, user.domain=.

Properties: authenticate( ). ProxySG Content Policy Language Guide hasclient= The hasclient= condition is used to test whether or not the current transaction has. Chapter 3: Condition Reference hour= Tests if the time of day is in the specified range or an exact.

ProxySG Content Policy Language Guide allow serverurl.domain=xyz.com; internal site always available allow weekday=6.7; unrestricted weekends allow hour=17.8. Chapter 3: Condition Reference http.method= Tests HTTP request methods against any of a common set of HTTP methods.

ProxySG Content Policy Language Guide http.request.version= Tests the version of HTTP used by the client in making the request to. Chapter 3: Condition Reference http.response.code= Tests true if the current transaction is an HTTP transaction and the response code. ProxySG Content Policy Language Guide http.response.version= Tests the version of HTTP used by the origin server to deliver the response. Chapter 3: Condition Reference http.transparentauthentication= This trigger evaluates to true if HTTP uses transparent proxy authentication for this request.

ProxySG Content Policy Language Guide http.xmethod= Tests HTTP request methods against any uncommon HTTP methods. A CPL parse warning is. Chapter 3: Condition Reference im.buddyid= Tests the buddyid associated with the instant messaging transaction. Syntax im.buddyid.casesensitive=useridstring im.buddyid.substring.casesensitive=substring im.buddyid.regex.casesensitive=“expr” where. ProxySG Content Policy Language Guide im.chatroom.conference= Tests whether the chat room associated with the instant messaging transaction has the conference. Chapter 3: Condition Reference im.chatroom.id= Tests the chat room ID associated with the instant messaging transaction.

Syntax im.chatroom.id.casesensitive=useridstring im.chatroom.id.substring.casesensitive=substring. ProxySG Content Policy Language Guide im.chatroom.inviteonly= Tests whether the chat room associated with the instant messaging transaction has the inviteonly. Chapter 3: Condition Reference im.chatroom.type= Tests whether the chat room associated with the transaction is public or private.

ProxySG Content Policy Language Guide im.chatroom.member= Tests whether the chat room associated with the instant messaging transaction has a member. Chapter 3: Condition Reference im.chatroom.voiceenabled= Tests whether the chat room associated with the instant messaging transaction is voice enabled. ProxySG Content Policy Language Guide im.file.extension= Tests the file extension of a file associated with an instant messaging transaction.

Chapter 3: Condition Reference im.file.name= Tests the file name (the last component of the path), including the extension, of. ProxySG Content Policy Language Guide im.file.path= Tests the file path of a file associated with an instant messaging transaction against. Chapter 3: Condition Reference im.file.size= Performs a signed 64-bit range test of the size of a file associated with. ProxySG Content Policy Language Guide im.message.opcode= Tests the value of an opcode associated with an instant messaging transaction whose im.method. Chapter 3: Condition Reference im.message.route= Tests how the instant messaging message reaches its recipients. Syntax im.message.route=service direct chat where:.

service—The. ProxySG Content Policy Language Guide im.message.size= Performs a signed 64-bit range test on the size of the instant messaging message. Chapter 3: Condition Reference im.message.text= Tests if the message text contains the specified text or pattern. Note: The.regex. ProxySG Content Policy Language Guide im.message.type= Tests the message type of an instant messaging transaction. Syntax im.message.type=text invite voiceinvite file filelist application where:. text—Normal.

Chapter 3: Condition Reference im.method= Tests the method associated with the instant messaging transaction. Syntax im.method=open create join joinuser login logout notifyjoin notifyquit notifystate quit receive receiveunknown send sendunknown setstate Layer and. ProxySG Content Policy Language Guide im.userid= Tests the userid associated with the instant messaging transaction. Syntax im.userid.casesensitive=useridstring im.userid.substring.casesensitive=substring im.userid.regex.casesensitive=“expr” where. Chapter 3: Condition Reference live= Tests if the streaming content is a live stream. Syntax live=yes no Layer and Transaction. ProxySG Content Policy Language Guide method= Tests the protocol method name associated with the transaction.

Appropriate method names depend on. Chapter 3: Condition Reference Examples http.method=GET response.header.Pragma=”no-cache' deny; This example is applicable to a blacklist model. ProxySG Content Policy Language Guide minute= Tests if the minute of the hour is in the specified range or an. Chapter 3: Condition Reference month= Tests if the month is in the specified range or an exact match. ProxySG Content Policy Language Guide protocol= The protocol= condition has been deprecated in favor of url.scheme=. For more information see.

Chapter 3: Condition Reference proxy.address= Tests the destination address of the arriving IP packet. The expression can include an. ProxySG Content Policy Language Guide proxy.card= Tests the ordinal number of the network interface card (NIC) used by a request.

Chapter 3: Condition Reference proxy.port= Tests if the IP port used by a request is within the specified range. ProxySG Content Policy Language Guide realm= Tests if the client is authenticated and if the client has logged into the. Chapter 3: Condition Reference. Properties: authenticate( ), authenticate.force( ), checkauthorization( ) 113.

ProxySG Content Policy Language Guide release.id= Tests the release ID of the ProxySG software. The release ID of the ProxySG. Chapter 3: Condition Reference release.version= Tests the release version of the ProxySG software. The release version of the ProxySG.

ProxySG Content Policy Language Guide request.header.headername= Tests the specified request header (headername) against a regular expression. Any recognized HTTP request. Chapter 3: Condition Reference request.header.headername.address= Tests if the specified request header can be parsed as an IP address; otherwise. ProxySG Content Policy Language Guide request.header.Referer.url= Test if the URL specified by the Referer header matches the specified criteria.

Chapter 3: Condition Reference; Relative URLs, such as docs subdirectories and pages, will match. Deny request.header.Referer.url=; Test. ProxySG Content Policy Language Guide request.header.Referer.url.host.regex=mycompany; request.header.Referer.url.path tests; The following request.header.Referer.url.path strings would all match the example. Chapter 3: Condition Reference request.xheader.headername= Tests the specified request header (headername) against a regular expression. Any HTTP request header. ProxySG Content Policy Language Guide request.xheader.headername.address= Tests if the specified request header can be parsed as an IP address; otherwise. Chapter 3: Condition Reference response.header.headername= Tests the specified response header (headername) against a regular expression.

• 30% for NI members (must be ) • 40% for all customers on orders of 10 or more Need help? This new edition includes the use of satellites and the display of navigational information on electronic charts. Theory is combined with practice so safe and reliable operations can be learned. Discounts available. Contact us on +44 (0)20 7928 1351 (Option 3) Monday to Friday, 9am to 5pm UK time or at The Admiralty Manuals are recognised worldwide as the leading authority on navigational knowledge and techniques.

Any recognized HTTP response. ProxySG Content Policy Language Guide response.xheader.headername= Tests the specified response header (headername) against a regular expression.

For HTTP requests, any. Chapter 3: Condition Reference serverurl= Tests if a portion of the URL used in server connections matches the specified. ProxySG Content Policy Language Guide.

Applies to all non-administrator transactions. Examples; Test if the server URL includes this. Chapter 3: Condition Reference;request;request; If the reverse DNS fails then the first request is.

ProxySG Content Policy Language Guide socks= This condition is true whenever the session for the current transaction involves SOCKS to. Chapter 3: Condition Reference socks.accelerated= Tests whether the SOCKS proxy will hand off this transaction to other protocol agents. ProxySG Content Policy Language Guide socks.method= Tests the SOCKS protocol method name associated with the transaction. Syntax socks.method=CONNECT BIND UDPASSOCIATE Layer and. Chapter 3: Condition Reference socks.version= Tests whether the version of the SOCKS protocol used to communicate to the client. ProxySG Content Policy Language Guide streaming.client= Tests the client agent associated with the current transaction. Syntax streaming.client=yes no windowsmedia realmedia quicktime where:.

yes. Chapter 3: Condition Reference streaming.content= Tests the content of the current transaction to determine whether or not it is. ProxySG Content Policy Language Guide time= Tests if the time of day is in the specified range or an exact. Chapter 3: Condition Reference; This example restricts the times during which certain; stations can log in with. ProxySG Content Policy Language Guide tunneled= Tests if the current transaction represents a tunneled request.

A tunneled request is one. Chapter 3: Condition Reference url= Tests if a portion of the requested URL matches the specified criteria. ProxySG Content Policy Language Guide //host:port //host:port/pathquery //host/pathquery host host:port host:port/pathquery host/pathquery /pathquery.

domainsuffixpattern—A URL pattern that includes a. Chapter 3: Condition Reference include a filename extension, such as and To test multiple extensions, use parentheses.

ProxySG Content Policy Language Guide.suffix—Test if the string pattern is a suffix of the URL or component. Chapter 3: Condition Reference slash is always present in the request URL being tested, because the URL is normalized. ProxySG Content Policy Language Guide If you are testing a large number of URLs using the url.domain= condition, consider the.

Chapter 3: Condition Reference; url.host.isnumeric=yes;; In the example below we assume that 1.2.3.4 is the. ProxySG Content Policy Language Guide user= Tests the authenticated username associated with the transaction. This trigger is only available if. Chapter 3: Condition Reference See Also. Conditions: attribute.name=, authenticated=, group=, hasattribute.name=, http.transparentauthentication=, realm=, user.domain=. Properties: authenticate( ).

ProxySG Content Policy Language Guide user.domain= Tests if the client is authenticated, the logged-into realm is an NTLM realm, and. Chapter 3: Condition Reference user.x509.issuer= Tests the issuer of the x509 certificate used in authentication to certificate realms. ProxySG Content Policy Language Guide user.x509.serialNumber= Tests the serial number of the x509 certificate used to authenticate the user against. Chapter 3: Condition Reference user.x509.subject= Tests the subject field of the x509 certificate used to authenticate the user against. ProxySG Content Policy Language Guide weekday= Tests if the day of the week is in the specified range or an. Chapter 3: Condition Reference year= Tests if the year is in the specified range or an exact match.

ProxySG Content Policy Language Guide 152. Chapter 4: Property Reference A property is a variable that can be set to a value.

At the beginning of. ProxySG Content Policy Language Guide accesslog( ) Selects the access log used for this transaction.

Multiple access logs can be. Chapter 4: Property Reference accessserver( ) Determines whether the client can receive streaming content directly from the origin content. ProxySG Content Policy Language Guide action( ) Selectively enables or disables a specified define action block. The default value is. Chapter 4: Property Reference advertisement( ) Determines whether to treat the objects at a particular URL as banner ads.

ProxySG Content Policy Language Guide allow Allows the transaction to be served. Allow can be overridden by the accessserver( ).

Chapter 4: Property Reference alwaysverify( ) Determines whether each request for the objects at a particular URL must be. ProxySG Content Policy Language Guide authenticate( ) Identifies the realm used to authenticate the user associated with the current transaction.

Chapter 4: Property Reference url.domain =!corporate.com authenticate(OurRealm, “log in for internet access”) The next example illustrates the relation. ProxySG Content Policy Language Guide authenticate.force( ) This property controls the relation between authentication and denial. Syntax authenticate.force(yes no) The default. Chapter 4: Property Reference authenticate.mode( ) Using the authentication.mode( ) property selects a combination of challenge type and surrogate.

ProxySG Content Policy Language Guide. origin-cookie (origin/cookie)—Used in forward proxies to support pass-through authentication more securely than origin-ip if. Chapter 4: Property Reference authenticate.useurlcookie( ) This property is used to authenticate users who have third party cookies explicitly.

ProxySG Content Policy Language Guide blockcategory( ) This property has been deprecated. In current CPL, the use of blockcategory(categorylist) has. Chapter 4: Property Reference bypasscache( ) Determines whether the cache is bypassed for a request. If set to yes.

ProxySG Content Policy Language Guide cache( ) Controls HTTP and FTP caching behavior. A number of CPL properties affect caching. Chapter 4: Property Reference See Also.

Properties: advertisement( ), alwaysverify( ), bypasscache( ), cookiesensitive( ), direct( ), dynamicbypass. ProxySG Content Policy Language Guide checkauthorization( ) In connection with CAD (Caching Authenticated Data) and CPAD (Caching Proxy-Authenticated Data) support. Chapter 4: Property Reference contentfilteroverride( ) This property has been deprecated. Contentfilteroverride(yes) has two effects:. It prevents the. ProxySG Content Policy Language Guide cookiesensitive( ) Used to modify caching behavior by declaring that the object served by the. Chapter 4: Property Reference deleteonabandonment( ) If set to yes, specifies that if all clients who may be simultaneously.

ProxySG Content Policy Language Guide deny( ) Denies service. Denial can be overridden by allow or exception( ). Chapter 4: Property Reference deny.unauthorized( ) The deny.unauthorized property instructs the ProxySG to issue a challenge (401 Unauthorized. ProxySG Content Policy Language Guide direct( ) Used to prevent requests from being forwarded to a parent proxy or SOCKS.

Chapter 4: Property Reference dynamicbypass( ) Used to indicate that a particular transparent request is not to be handled. ProxySG Content Policy Language Guide exception( ) Selects a built-in or user-defined response to be returned to the user. Chapter 4: Property Reference exception.autopad( ) Pad an HTTP exception response by including trailing whitespace in the response body. ProxySG Content Policy Language Guide forcecache( ) Used to force caching of HTTP responses that would otherwise be considered uncacheable. Chapter 4: Property Reference forcedeny( ) The forcedeny( ) property is similar to deny( ) except that it:. ProxySG Content Policy Language Guide forceexception( ) The forceexception( ) property is similar to exception except that it:.

Cannot. Chapter 4: Property Reference forcepatiencepage( ) This property provides control over the application of the default patience page logic.

ProxySG Content Policy Language Guide forward( ) Determines forwarding behavior. There is a box-wide configuration setting (configforwardingsequence) for the default. Chapter 4: Property Reference forward.failopen( ) Controls whether the ProxySG terminates or continues to process the request if the. ProxySG Content Policy Language Guide ftp.serverconnection( ) Determines when the control connection to the server is established. Chapter 4: Property Reference ftp.serverdata( ) Determines the type of data connection to be used with this FTP transaction. ProxySG Content Policy Language Guide ftp.transport( ) Determines the upstream transport mechanism.

This setting is not definitive. It depends on. Chapter 4: Property Reference http.forcentlmforserverauth( ) Turns on/off NTLM cloaking on a per-request basis.

Refer to Appendix A: “NTLM. ProxySG Content Policy Language Guide http.request.version( ) The http.request.version( ) property sets the version of the HTTP protocol to be.

Chapter 4: Property Reference http.response.version( ) The http.response.version( ) property sets the version of the HTTP protocol to be. ProxySG Content Policy Language Guide icp( ) Determines whether to consult ICP when forwarding requests. Any forwarding host or SOCKS. Chapter 4: Property Reference im.stripattachments( ) Determines whether attachments are stripped from instant messages.

If set to yes, attachments. ProxySG Content Policy Language Guide integratenewhosts( ) Determines whether to add new host addresses to health checks and load balancing. Chapter 4: Property Reference label( ) This deprecated property is provided for backward compatibility with CacheOS 4.x filter files. ProxySG Content Policy Language Guide log.rewrite.field-id( ) The log.rewrite.field-id property controls rewrites of a specific log field in one.

Chapter 4: Property Reference log.suppress.field-id( ) The log.suppress.field-id( ) property controls suppression of the specified field-id in one. ProxySG Content Policy Language Guide maxbitrate( ) Enforces upper limits on the instantaneous bandwidth of the current streaming transaction. Chapter 4: Property Reference neverrefreshbeforeexpiry( ) The neverrefreshbeforeexpiry( ) property is similar to the CLI command: SGOS#(config) http strict-expiration. ProxySG Content Policy Language Guide neverserveafterexpiry( ) The neverserveafterexpiry( ) property is similar to the CLI command: SGOS#(config) http strict-expiration.

Chapter 4: Property Reference patiencepage( ) Controls whether or not a patience page can be served, and if so. ProxySG Content Policy Language Guide pipeline( ) Determines whether an object embedded within an HTML container object is pipelined. Chapter 4: Property Reference prefetch( ) This deprecated property has been replaced by pipeline( ). For more information, see. ProxySG Content Policy Language Guide reflectip( ) Determines how the client IP address is presented to the origin server for. Chapter 4: Property Reference reflectvip( ) This deprecated syntax has been replaced by the reflectip( ) property.

Reference Guide Definition

ProxySG Content Policy Language Guide refresh( ) Controls refreshing of requested objects. Set to no to prevent refreshing of the. Chapter 4: Property Reference removeIMSfromGET( ) The removeIMSfromGET( ) property is similar to the CLI command: SGOS#(config) http substitute. ProxySG Content Policy Language Guide removePNCfromGET( ) The removePNCfromGET property is similar to the CLI command: SGOS#(config) http substitute pragma-no-cache. Chapter 4: Property Reference removereloadfromIEGET( ) The removereloadfromIEGET( ) property is similar to the CLI command: SGOS#(config) http substitute. ProxySG Content Policy Language Guide request.filterservice( ) Controls whether the request is processed by an external content filter service. Chapter 4: Property Reference url.address=10.0.0.0/8; don't filter internal network client.address=10.1.2.3; don't filter this client See Also.

ProxySG Content Policy Language Guide request.icapservice( ) Determines whether a request from a client should be processed by an external. Chapter 4: Property Reference response.icapservice( ) Determines whether a response to a client request is first sent to an. ProxySG Content Policy Language Guide service( ) This deprecated syntax has been replaced by the allow, deny( ) and exception(.

Chapter 4: Property Reference socks.accelerate( ) The socks.accelerate property controls the SOCKS proxy handoff to other protocol agents. ProxySG Content Policy Language Guide socks.authenticate( ) The same realms can be used for SOCKS proxy authentication as can be. Chapter 4: Property Reference socks.authenticate.force( ) This property controls the relation between SOCKS authentication and denial. Syntax socks.authenticate.force(yes no) The. ProxySG Content Policy Language Guide socksgateway( ) Controls whether or not the request associated with the current transaction is sent. Chapter 4: Property Reference socksgateway.failopen( ) Controls whether the ProxySG terminates or continues to process the request if the. ProxySG Content Policy Language Guide streaming.transport( ) Determines the upstream transport mechanism to be used for this streaming transaction.

Chapter 4: Property Reference terminateconnection( ) The terminateconnection( ) property is used in an layer to drop the. ProxySG Content Policy Language Guide trace.destination( ) Used to change the default path to the trace output file.

Chapter 4: Property Reference trace.request( ) Determines whether detailed trace output is generated for the current request. ProxySG Content Policy Language Guide trace.rules( ) Determines whether trace output is generated showing policy rule evaluation for the transaction. Chapter 4: Property Reference ttl( ) Sets the time-to-live (TTL) value of an object in the cache, in seconds. ProxySG Content Policy Language Guide uasensitive( ) Used to modify caching behavior by declaring that the response for a given. Chapter 5: Action Reference An action takes arguments and is wrapped in a user-named action definition block. When the action.

ProxySG Content Policy Language Guide append( ) Appends a new component to the specified header. Note: An error results if. Chapter 5: Action Reference delete( ) Deletes all components of the specified header.

Note: An error results if two. ProxySG Content Policy Language Guide deletematching( ) Deletes all components of the specified header that contain a substring matching a. Chapter 5: Action Reference im.alert( ) Deliver a message in-band to the instant messaging user.

The text appears in. ProxySG Content Policy Language Guide logmessage( ) Writes the specified string to the ProxySG event log. Events generated by logmessage(. Chapter 5: Action Reference notifyemail( ) Sends an email notification to the list of recipients specified in the Event.

ProxySG Content Policy Language Guide notifysnmp( ) Multiple notifysnmp actions may be specified, resulting in multiple SNMP traps for a. Chapter 5: Action Reference redirect( ) Ends the current HTTP transaction and returns an HTTP redirect response to the. ProxySG Content Policy Language Guide replace( ) This deprecated action has been replaced by rewrite( ). For more information, see. Chapter 5: Action Reference rewrite( ) Rewrites the request URL, URL host, or components of the specified header if. ProxySG Content Policy Language Guide URL is considered complete, and replaces any URL that contains a substring matching the regexpattern.

Chapter 5: Action Reference See Also. Actions: append( ), delete( ), deletematching( ), redirect( ), set( ), transform. ProxySG Content Policy Language Guide set( ) Sets the specified header to the specified string after deleting all components of.

Chapter 5: Action Reference Discussion Any change to the server form of the request URL must be respected. ProxySG Content Policy Language Guide transform Invokes an active content or URL rewrite transformer. The invoked transformer takes effect only.

Cpl Reference Ranges

Chapter 5: Action Reference See Also. Properties: action( ). Definitions: define action, transform activecontent, transform url.rewrite 243. ProxySG Content Policy Language Guide viruscheck( ) This deprecated action sends the requested document to a virus scanning server. Chapter 6: Definition Reference In policy files, definitions serve to bind a set of conditions, actions, or transformations to a. ProxySG Content Policy Language Guide define action Binds a user-defined label to a sequence of action statements.

The action( ). Chapter 6: Definition Reference. Definitions: transform activecontent, transform urlrewrite. Chapter 5: 'Action Reference'. 247. ProxySG Content Policy Language Guide define activecontent Defines rules for removing or replacing active content in HTML or ASX documents.

Chapter 6: Definition Reference Layer and Transaction Notes. Applies to proxy transactions.

Only alphanumeric, underscore, dash, and. ProxySG Content Policy Language Guide define category Category definitions are used to extend vendor content categories or to create your.

Chapter 6: Definition Reference sportsworld.com category=football; include subcategory end define category football nfl.com cfl.ca end The following policy. ProxySG Content Policy Language Guide define condition Binds a user-defined label to a set of conditions for use in a.

Chapter 6: Definition Reference define condition extensionlowrisk; file types assumed to be low risk. Url.extension=(asf,asx,gif,jpeg,mov,mp3,ram,rm,smi,smil,swf,txt,wax,wma,wmv,wvx) end define condition. ProxySG Content Policy Language Guide define domain This deprecated syntax has been replaced by the url.domain condition.

For more information. Chapter 6: Definition Reference define javascript A javascript definition is used to define a javascript transformer, which adds javascript. ProxySG Content Policy Language Guide See Also. Actions: transform. Definitions: define action. Properties: action( ) 256. Chapter 6: Definition Reference define prefix condition This deprecated syntax has been replaced by the define url condition.

ProxySG Content Policy Language Guide define serverurl.domain condition Binds a user-defined label to a set of domain-suffix patterns for use. Chapter 6: Definition Reference affinityclub.example.com end condition=!allowed accessserver(no) See Also Condition: condition=, serverurl.domain= Definitions: define url.domain condition 259. ProxySG Content Policy Language Guide define subnet Binds a user-defined label to a set of IP addresses or IP subnet. Chapter 6: Definition Reference define url condition Binds a user-defined label to a set of URL prefix patterns for. ProxySG Content Policy Language Guide timing restrictions for the defined condition will depend on the layer and timing restrictions of. Chapter 6: Definition Reference define url.domain condition Binds a user-defined label to a set of domain-suffix patterns for use.

ProxySG Content Policy Language Guide See Also. Condition: condition=, serverurl.domain=. Definitions: define url condition, define serverurl.domain condition 264.

Chapter 6: Definition Reference define urlrewrite Defines rules for rewriting URLs embedded in tags within HTML, CSS, JavaScript. ProxySG Content Policy Language Guide.

serverurlsubstring—A string that, if found in the server URL, will be replaced by the. Chapter 6: Definition Reference restrict dns This definition restricts DNS lookups and is useful in installations where access to.

ProxySG Content Policy Language Guide restrict rdns This definition restricts reverse DNS lookups and is useful in installations where access. Chapter 6: Definition Reference transform activecontent This deprecated syntax has been replaced by define activecontent.

For more information see. ProxySG Content Policy Language Guide transform urlrewrite This deprecated syntax has been replaced by define urlrewrite. For more information see. Appendix A: Glossary actions A class of definitions.

CPL has two general classes of actions: request or response modifications and. ProxySG Content Policy Language Guide Forward Policy File A file you create or that might be created during an upgrade. Appendix A: Glossary response a modification of the object being returned. This modification can be to either the transformation.

ProxySG Content Policy Language Guide 274. Appendix B: Testing and Troubleshooting If you are experiencing problems with your policy files or would like to monitor evaluation. ProxySG Content Policy Language Guide Enabling Request Tracing Use the trace.request( ) property to enable request tracing. Request tracing logs.

Appendix B: Testing and Troubleshooting Here are the relevant policy requirements to be expressed:. DNS lookups are restricted. ProxySG Content Policy Language Guide 1 start transaction - 2 CPL Evaluation Trace: 3 4 MATCH: trace.rules(all) trace.request(yes) 5.

Appendix B: Testing and Troubleshooting The following is a trace of the same policy, but for a transaction in. ProxySG Content Policy Language Guide Policy: Action discarded, 'setheader1' conflicts with an action already committed The conflict is reflected in. Appendix C: Recognized HTTP Headers The tables provided in this appendix list all recognized HTTP 1.1 headers and indicate how. ProxySG Content Policy Language Guide Table C.1: HTTP Headers Recognized by the ProxySG If-Match Request X If-Modified-Since Request If-None-Match Request. Appendix D: CPL Substitutions This appendix lists all substitution variables available in CPL.

To use a variable in CPL, it. ProxySG Content Policy Language Guide sr-bytes Number of bytes sent from appliance to upstream host. Sr-headerlength Number of bytes in. Appendix D: CPL Substitutions x-bluecoat- transaction.id Unique per-request identifier generated by transaction-id the appliance (note: this value is not. ProxySG Content Policy Language Guide cs-version request.version Protocol and version from the client's request; for example, HTTP/1.1.

X-bluecoat-proxy-via- proxy.viahttpversion Default. Appendix D: CPL Substitutions x-bluecoat-special-esc esc Resolves to the escape character (ASCII HEX 1B). X-bluecoat-special-gt gt The greater-than character. ProxySG Content Policy Language Guide x-bluecoat-surfcontrol- Specialized value for SurfControl reporter.

Reporter-id x-bluecoat-websense- The Websense specific content category ID. Appendix D: CPL Substitutions x-patience-url patienceurl The url to be requested for more patience information. X-virus-id Identifier of a. ProxySG Content Policy Language Guide x-bluecoat-day day Localtime day (as a number) formatted to take up two spaces; for example. Appendix D: CPL Substitutions cs-uri-hostname logurl.hostname Hostname from the 'log' URL. RDNS is used if the URL uses an. ProxySG Content Policy Language Guide sr-uri-query serverurl.query Query from the upstream request URL.

Sr-uri-scheme serverurl.scheme Scheme from the URL used. Appendix D: CPL Substitutions Category: user ELFF CPL Description cs-auth-group group One group that an authenticated client is a. ProxySG Content Policy Language Guide cs(Accept-Language) request.header.Accept- Request header: Accept-Language Language cs(Accept-Ranges) request.header.Accept- Request header: Accept-Ranges Ranges cs(Age) request.header.Age Request. Appendix D: CPL Substitutions cs(If-Unmodified- request.header.If- Request header: If-Unmodified-Since Since) Unmodified-Since cs(Last-Modified) request.header.Last- Request header: Last-Modified Modified cs(Location) request.header.Location. ProxySG Content Policy Language Guide cs(X-Forwarded-For) request.header.

Request header: X-Forwarded-For X-Forwarded-For Category: siresponseheader ELFF CPL Description rs(Accept) response.header.Accept Response header. Appendix D: CPL Substitutions rs(From) response.header.From Response header: From rs(Front-End-HTTPS) response.header. Response header: Front-End-HTTPS Front-End-HTTPS rs(Host) response.header.Host Response header. ProxySG Content Policy Language Guide rs(Vary) response.header.Vary Response header: Vary rs(Via) response.header.Via Response header: Via rs(WWW-Authenticate) response.header. Response header: WWW-Authenticate. Appendix E: Filter File Syntax This appendix provides a summary of the syntax and evaluation order used in CacheOS version. ProxySG Content Policy Language Guide Filter-Part Components The filter part of a filter file can contain the following:.

Filters. Appendix E: Filter File Syntax. The only condition available in filter lines is the acl= condition, which is. ProxySG Content Policy Language Guide Table F.1: Properties available in CacheOS 4.x filter files cache yes no When set. Appendix E: Filter File Syntax. protocol=value—An optional protocol= condition expression. Available values are http, https, ftp, mms, rtsp.

ProxySG Content Policy Language Guide While prefix-pattern filters are commonly used outside of any section, the Prefix section is provided. Appendix E: Filter File Syntax. The domain-suffix filter denies service to all URLs where company.com is a. ProxySG Content Policy Language Guide Evaluation Order CacheOS 4.x filter files have a different order of evaluation than CPL files. Appendix F: Upgrading from CacheOS When upgrading from CacheOS version 4.x to the ProxySG, the default policy files are created. ProxySG Content Policy Language Guide For the CPL compiler, the correct filter will be selected at run time based on.

Index A C layers, understanding 37 cache property, filter file 302 accesslog( ) property 154 cache transactions 33, 271. ProxySG Configuration and Management Guide D layers in CacheOS 4.x filter files 307 date= condition 67 layers in standard CPL-style. Index H latest commit time 35 hasattribute.name= condition 74 layer guards, understanding 40 hasclient= condition 76 layers hour= condition. ProxySG Configuration and Management Guide rules, conflicting 47 forward( ) 184 statistics, example 276 forward.failopen( ) 185 testing 275 ftp.serverconnection(. Index Q section types, understanding 43 quoting, understanding 22 url 43 understanding 41 R sections realm= condition 112 Domain-Suffix. ProxySG Configuration and Management Guide T upgrade/downgrade issues time= condition 134 conditional compilation 31 timing CPL syntax deprecations 30 in.