Is there a way to stop policy evaluation using CPL?



Yes, adding EXIT at the end of a rule will cause the proxy to stop evaluating the policy at that point.

If you match an exit rule on layer 2 of 10, then that's where policy evaluation stops. The proxy won't look at following layers. If no "allow" or "deny" decision was a match, then the default policy rule applies.


Example1 :

Default policy is "deny"


url.address= EXIT


url.address= allow


This would result in denying URL address since the exit would stop processing and the default policy would apply.


Example 2 :

Default policy is "deny"


url.address= ALLOW EXIT


url.address= deny


In this case, the URL address would be allowed since it matched on the "ALLOW" and the policy evaluation was exited.


Additional Information
Bug Number
InQuira Doc IdFAQ213

Article Feedback

Did this Article solve your issue?
Additional Comments:
Previous MonthNext Month