Bluecoat – Using Rule Order to Define Exceptions
January 14, 2013

When the policy rules within a layer are evaluated, remember that evaluation is from the top down, and the first rule that matches ends further evaluation of that layer. Therefore, the most specific conditions, or exceptions, should be defined first. Within a layer, order the rules from most specific to most general.
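As an added example (not part of the original page), here is a <Proxy> layer ordered this way, followed by a second layer that shows the caveat a practitioner should keep in mind: first-match-wins applies only within a layer. Every layer is evaluated in turn, and a property set by a later layer overrides the same property set by an earlier one, so a later layer can quietly undo a deny. The condition name, addresses and domains below are placeholders I chose, not values from the page.

```cpl
; Added example, not from the original page. Names, addresses and
; domains are placeholders.

define condition corp_admins
  client.address=10.10.0.0/16        ; assumed admin workstation network
end condition corp_admins

<Proxy>
  ; Most specific first: admins may reach the management host even
  ; though the last rule in this layer denies the whole domain.
  ALLOW condition=corp_admins url.domain=admin.example.com

  ; A narrower exception for everyone: the public docs path stays open.
  ALLOW url=http://intranet.example.com/docs/

  ; General rule last. The first matching rule above ends evaluation
  ; of this layer, so anything not matched above is denied here.
  DENY url.domain=example.com

<Proxy>
  ; A second layer is evaluated independently of the first. For a
  ; request to status.example.com the first layer sets deny, but this
  ; layer sets allow afterwards and the later layer wins, so the
  ; request is allowed. Audit every layer, not just the one with the DENY.
  ALLOW url.domain=status.example.com
```

Conditions on one rule line are ANDed; the lines inside a define condition block are ORed.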
Filter File Structure
A CacheOS 5.x filter file consists of two parts, both of which are optional. The two parts are divided by a define_actions line. The first part, which can be considered the filter part, consists of filters and access-control list (ACL) definitions. The second part, or action part, contains action and transformer definitions. All filters must be written above the define_actions line. All action and transformer definitions must be written below the define_actions line.
By contrast, CPL action and transformer definitions may appear anywhere in the policy file.
Filter-Part Components
The filter part of a filter file can contain the following:
• Filters that are not part of a section
• Sections
• ALL statements
• default_filter_properties statements
• Access-control list (ACL) definitions
Filters that are not part of a section must occur before the first section. The default_filter_properties statements must be written after the last filter or section. The ALL statements and ACL definitions can be written anywhere before the define_actions line. All of these components are optional.
Filters
In CPL, the concept of a filter has been replaced by the concept of a rule. A filter is a line that includes, at a minimum, a URL pattern. The filter is considered to be a match if the requested URL matches the URL pattern. It can also include a tag specifying whether the match will be case-sensitive, an acl condition expression for specifying a defined access-control list, and a property setting. Multiple acl conditions and property settings can be listed. A filter line has the following general syntax:
url_pattern [case_insensitive={yes|no}] [acl=expression] [property=value] …
url_pattern
where url_pattern is either a prefix-style pattern (like the prefix_pattern used in the url= condition) or a regular-expression pattern (as is used in the url_regex= condition; see “Sections”). For more information on URLs, see “url=”.
case_insensitive={yes|no}
where case_insensitive is an optional property that specifies whether URL matches are case-sensitive. By default, matching is case-sensitive. For more information, see “Properties”.
acl=expression
where acl= can include an IP address or subnet, or the label of a define acl definition block. For more information, see “Conditions”.
property=value
where property= is an optional property setting. For a list of properties available in filter files, see
Local policy file overrides VPM
define condition Corporate_Sites
  url.domain=xyz
end condition Corporate_Sites
Section 1:
Proxy trace – View and diagnose proxy traffic
Cache:
Sites cached for performance reasons
url.domain=(www.xyz.com) cache(no) pipeline(no)
url.address=(x.x.x.x) cache(no)
url.domain=(www.xyz.com) direct(yes)
ALLOW condition=WSUS exit
ALLOW condition=owa_auth_problem action.proxy_header(yes)
DENY condition=ms_messenger
DENY condition=yahoo_msg exit
ALLOW condition=ports
define condition trusted
  url.domain=xyz
  url.address=x.x.0.0/16
end condition trusted
define condition WSUS
  client.address=x.x.x.x/32
  client.address=x.x.0.0/16
end condition WSUS
; set() is an action, not a condition; this is the action referenced above as action.proxy_header(yes)
define action proxy_header
  set(response.x_header.Proxy-Support, "none")
end action proxy_header
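The fragments in these notes, assembled into one complete CPL policy as an added example (this is not the page's own policy file): the condition and action definitions first, then a <Proxy> layer that references them in most-specific-first order, so the WSUS exception is applied before the messenger denies and the general port rule. The addresses and domains, and the bodies of the ms_messenger, yahoo_msg, ports and owa_auth_problem conditions, are placeholders I supply; the page references those names without defining them.

```cpl
; Added example, not the page's own policy. All addresses, domains and
; the undefined-on-the-page condition bodies are placeholders.

define condition WSUS
  client.address=10.1.1.10/32          ; assumed WSUS server
  client.address=10.2.0.0/16           ; assumed client network
end condition WSUS

define condition trusted
  url.domain=xyz.com                   ; assumed corporate domain
  url.address=10.3.0.0/16              ; assumed internal server range
end condition trusted

define condition owa_auth_problem
  url.domain=owa.xyz.com               ; assumed OWA host
end condition owa_auth_problem

define condition ms_messenger
  url.domain=messenger.hotmail.com     ; placeholder
end condition ms_messenger

define condition yahoo_msg
  url.domain=messenger.yahoo.com       ; placeholder
end condition yahoo_msg

define condition ports
  url.port=80                          ; lines in a define condition are ORed
  url.port=443
end condition ports

; Header rewrite for the OWA authentication problem: replace the
; Proxy-Support response header with a harmless value.
define action proxy_header
  set(response.x_header.Proxy-Support, "none")
end action proxy_header

<Proxy>
  ; Exceptions first: WSUS traffic is allowed before anything below can deny it.
  ALLOW condition=WSUS
  ; OWA is allowed and the header-fixing action is switched on for it.
  ALLOW condition=owa_auth_problem action.proxy_header(yes)
  ; Specific denies next.
  DENY  condition=ms_messenger
  DENY  condition=yahoo_msg
  ; General rule last: only requests not matched above reach it.
  ALLOW condition=ports
```

Because a define block may appear anywhere in a CPL file, the definitions could equally follow the layer; putting them first only makes the file easier to read.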
BCWF database download URL: http://list.bluecoat.com/bcwf/activity/download/bcwf.db
Bluecoat
• BLK-EXT – Blocked Extensions – First rule
• Forced Deny or Accept
• Exit – Unconditional
• VPM – Control traffic
• Networks match on source
• URL Block list
• Forced download
• Expect server – gets logs from Blue-coat’s, configuration – sent to centralized location (disk) then to tape
• Scope edge enabled when needed