Chapter 3: Condition Reference
proxy.port=
Tests if the IP port used by a request is within the specified range or an exact match. The numeric
pattern used to test the proxy.port= condition can contain no whitespace.
If the transaction was explicitly proxied, then this tests the IP port that the client used to reach the
proxy. The pattern is a number between 1 and 65535 or a numeric range.
If the transaction was transparently proxied, however, then proxy.port= tests which port the client
thinks it is connecting to on the upstream proxy device or origin server. If the client thinks it is
connecting directly to the origin server, but is transparently proxied, and if the port number specified
by the client in the request URL is not inconsistent or falsified, then proxy.port= and
server_url.port= are testing the same value.
Note: Since the ProxySG default configuration passes through tunneled traffic, some changes must
be made to begin transparent port monitoring. Only proxy ports that have been configured
and enabled can be tested using the proxy.port= condition. For example, if the transparent
FTP service, on port 21, is either not configured or not enabled, a policy rule that includes
proxy.port=21 has no effect.
Replaces: proxy_port=
Syntax
proxy.port={[low_port_number]..[high_port_number]|exact_port_number}
where:
• low_port_number—A port number at the low end of the range to be tested. Can be a number
between 1 and 65535.
• high_port_number—A port number at the high end of the range to be tested. Can be a number
between 1 and 65535.
• exact_port_number—A single port number; for example, 80. Can be a number between 1 and
65535.
Layer and Transaction Notes
• Use in <Admin>, <Proxy>, and <Forward> layers.
• Applies to proxy transactions.
Examples
; Deny URL through the default proxy port.
<proxy>
url=http://www.example.com proxy.port=8080 deny
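Because a rule that tests a port with no configured and enabled proxy service silently has no effect, policy text can be checked before it is installed. The following is an added example, not part of the original reference or of any ProxySG tooling: a small Python linter that parses proxy.port= patterns using the syntax above and flags malformed patterns and rules that can never match. The sample policy, the set of enabled ports, the function names, and the treatment of an omitted range bound as 1 or 65535 are assumptions.

```python
import re
# proxy.port= followed by its pattern, which runs to the next whitespace.
COND_RE = re.compile(r"(?<![\w.])proxy\.port=(\S*)")
PATTERN_RE = re.compile(r"^(?:(\d+)?\.\.(\d+)?|(\d+))$")

# Constructed sample policy and listener set (assumptions, not appliance output).
SAMPLE_POLICY = """\
<Proxy>
url=http://www.example.com proxy.port=8080 deny
proxy.port=21 deny
proxy.port=8000..8100 deny
proxy.port=0..70000 deny
proxy.port= 80 deny
"""
ENABLED_PORTS = {80, 8080}

def parse_port_pattern(pattern):
    """Return (low, high) for a proxy.port= pattern or raise ValueError."""
    m = PATTERN_RE.match(pattern)
    if not m or pattern == "..":
        raise ValueError(f"malformed pattern {pattern!r}")
    if m.group(3) is not None:
        low = high = int(m.group(3))
    else:
        # Assumption: an omitted bound means the end of the valid port range.
        low = int(m.group(1)) if m.group(1) else 1
        high = int(m.group(2)) if m.group(2) else 65535
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port outside 1-65535 or inverted range in {pattern!r}")
    return low, high

def lint_policy(cpl_text, enabled_ports):
    """Return (line_no, message) findings for proxy.port= conditions."""
    findings = []
    for line_no, line in enumerate(cpl_text.splitlines(), 1):
        if line.lstrip().startswith(";"):  # whole-line CPL comment
            continue
        for m in COND_RE.finditer(line):
            try:
                low, high = parse_port_pattern(m.group(1))
            except ValueError as exc:
                findings.append((line_no, str(exc)))
                continue
            if not any(low <= p <= high for p in enabled_ports):
                findings.append((line_no, "no enabled proxy port matches; rule has no effect"))
    return findings

if __name__ == "__main__":
    print(*lint_policy(SAMPLE_POLICY, ENABLED_PORTS), sep="\n")
```

The set passed as enabled_ports has to be taken from the appliance's actual service configuration; the linter only reports what follows from that set.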
See Also
• Conditions: client.address=, client.protocol=, proxy.address=, proxy.card=,
proxy.port=, server_url.port=