Is there a way to stop policy evaluation using CPL?

Solution

Overview

Yes, adding EXIT at the end of a rule will cause the proxy to stop evaluating the policy at that point.

If you match an exit rule on layer 2 of 10, then that's where policy evaluation stops. The proxy won't look at following layers. If no "allow" or "deny" decision was a match, then the default policy rule applies.

 

Example1 :

Default policy is "deny"

<proxy>

url.address=1.2.3.4 EXIT

<proxy>

url.address=1.2.3.4 allow

  

This would result in denying URL address 1.2.3.4 since the exit would stop processing and the default policy would apply.

 

Example 2 :

Default policy is "deny"

<proxy>

url.address=1.2.3.4 ALLOW EXIT

<proxy>

url.address=1.2.3.4 deny

 

In this case, the URL address 1.2.3.4 would be allowed since it matched on the "ALLOW" and the policy evaluation was exited.

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ213
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat