Blue Coat Systems Proxy SG Time Clock User Manual


 
ProxySG Content Policy Language Guide
Named Definitions
There are various types of named definitions. Each definition is given a user-defined name that is then
used in rules to refer to the definition. This section highlights a few of the definition types as an
overview of the topic. Refer to the Definitions reference chapter for more details.
Subnet Definitions
Subnet definitions are used to define a list of IP addresses or IP subnet masks that can be used to test
any of the IP addresses associated with the transaction, for example, the client’s address or the
request’s destination address.
Condition Definitions
Condition definitions can include any triggers that are legal in the layer referencing the condition. The
condition= trigger is the exception to the rule that triggers can test only one aspect of a transaction.
Since condition definitions can include other triggers, condition= triggers can test multiple parts of
the transaction state. Also, condition definitions allow for arbitrary boolean combinations of trigger
expressions.
Category Definitions
Category definitions are used to extend vendor content categories or to create your own. These
categories are tested (along with any vendor-defined categories) using the category= trigger.
Action Definitions
An action takes arguments and is wrapped in a named action definition block. Actions are turned on
or off for a transaction through setting the action( ) property. The action property has syntax that
allows for individual actions to be turned on and off independently. When the action definition is
turned on, any actions it contains operate on their respective arguments.
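The following policy fragment is an added illustration, not taken from the guide, showing subnet, category, condition and action definitions being declared and then referenced by name from rules. All definition names, addresses and domains are constructed, and the syntax is written on the assumption that it matches the forms given in the Definitions reference chapter.

```cpl
; Added illustration: every name, address and domain below is constructed.

; Subnet definition: referenced by IP-address triggers such as client.address=
define subnet internal_clients
  10.1.0.0/16
  192.168.50.25
end

; Category definition: a custom category, tested with category=
define category unsanctioned_storage
  files.example.net
  share.example.org/upload/
end

; Condition definition: triggers on one line are combined with AND,
; separate lines with OR, so one condition= test covers several
; parts of the transaction (destination category and request method).
define condition upload_to_unsanctioned_storage
  category=unsanctioned_storage http.method=POST
  category=unsanctioned_storage http.method=PUT
end

; Action definition: the statements inside run only when the
; action is switched on for the transaction.
define action hide_referer
  delete(request.header.Referer)
end

<Proxy>
  ; Block uploads from internal clients to the custom category.
  client.address=internal_clients condition=upload_to_unsanctioned_storage deny
  ; For other requests to that category, turn on only the hide_referer
  ; action so internal URLs are not disclosed in the Referer header.
  client.address=internal_clients category=unsanctioned_storage action.hide_referer(yes)
```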
Transformer Definitions
A transformer definition is a kind of named definition that specifies a transformation that is to be
applied to an HTTP response. There are three types: url_rewrite definitions, active_content
definitions, and javascript definitions.
Anonymous Definitions
Two types of anonymous definitions modify policy evaluation, but are not referenced by any rules.
These definitions serve to restrict DNS and Reverse-DNS lookups and are useful in installations
where access to DNS or Reverse-DNS resolution is limited or problematic.
Referential Integrity
Policy references many objects defined in system configuration, such as authentication realms,
forward hosts, SOCKS gateways, and the like. CPL enforces the integrity of those references by
ensuring that the entities named in policy exist and have appropriate characteristics at the time the
policy is compiled. During runtime, any attempts to remove a configured object that is referenced by
currently active policy will fail.
To remove a configured entity, such as a realm, that is referenced by policy, new policy must be
installed with all references to that realm removed. New transactions will open against a version of