Blue Coat Systems Proxy SG Manual

A SERVICE OF

next previous

ProxySG Content Policy Language Guide

24

Layers

A policy layer is a CPL construct used to evaluate a set of rules and reach one decision. Separating

decisions helps control policy complexity, and is done through writing each decision in a separate

layer. Each layer has the form:

<layer_type [label]> [layer_condition][layer_properties] ...

layer_content

where:

• The

layer_type defines the transactions evaluated against this policy, and restricts the triggers

and properties allowed in the rules used in the layer. See the following Layer Types section.

• The optional

label, separated from the layer type by space, is a CPL User-defined Identifier (see

section Chapter 2), basically an alphabetic character followed by alphanumeric or underscore

characters.

• The optional

layer_condition is a list of triggers, all of which must evaluate to true before the

layer content is evaluated.

• The optional

layer_properties is a list of properties that will become the default settings for

those properties for any rule matched in the layer. These can be overridden by explicitly setting a

different value for that property in a specific rule within the layer.

• The

layer_content is a list of rules, possibly organized in sections. (see following). A layer must

contain at least one rule.

Collectively, the layer_condition and layer_properties are often referred to as a layer guard expression.

If a rule has the logical form “if (condition is true) then set properties”, a layer has the form:

if (layer_condition is true) then

{

if (rule1_condition is true) then

set layer_properties then set rule1 properties

else if (rule2_condition is true) then

set layer_properties then set rule2 properties

else if (rule3_condition is true) then

set layer_properties then set rule3 properties

...

}

Within a layer, the first rule that matches terminates evaluation of that layer.

Layers within a policy are evaluated from top to bottom, with rules in later layers taking precedence

over rules in earlier layers.

In CPL, all policy rules are written in a layer. A rule cannot appear in policy preceding any layer

header.

Sections

The rules in layers can optionally be organized in one or more sections, which is a way of grouping

rules together. A section consists of a section header followed by a list of rules.

A section has the form: