Is there a way to stop policy evaluation using CPL?


<< Back to Knowledge Search

Solution

Overview

Yes, adding EXIT at the end of a rule will cause the proxy to stop evaluating the policy at that point.

If you match an exit rule on layer 2 of 10, then that's where policy evaluation stops. The proxy won't look at following layers. If no "allow" or "deny" decision was a match, then the default policy rule applies.

 

Example1 :

Default policy is "deny"

<proxy>

url.address=1.2.3.4 EXIT

<proxy>

url.address=1.2.3.4 allow

  

This would result in denying URL address 1.2.3.4 since the exit would stop processing and the default policy would apply.

 

Example 2 :

Default policy is "deny"

<proxy>

url.address=1.2.3.4 ALLOW EXIT

<proxy>

url.address=1.2.3.4 deny

 

In this case, the URL address 1.2.3.4 would be allowed since it matched on the "ALLOW" and the policy evaluation was exited.

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ213
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Topic      Policy Management
Article Number      000012056
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat