User Manual

ProxySG Content Policy Language Guide
Troubleshooting Policy
When installed policy does not behave as expected, use policy tracing to understand the behavior of
the installed policy.
Tracing records additional information about a transaction and re-evaluates the transaction when it is
terminated; however, it does not show the timing of evaluations through transaction processing. The
extra processing required significantly impacts performance, so do not enable tracing in production
environments unless you need to reproduce and diagnose a problem. If tracing is used on a system in
production, attempt to restrict which transactions are traced. For example, you can trace only requests
from a test workstation by defining the tracing rules as conditional on a client.address= trigger that
tests for that workstation's IP address.
For more information on generating and retrieving a policy trace, see Appendix B: "Testing and
Troubleshooting".
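The following CPL is an added illustration, not taken from the guide. It contrasts an unconditional tracing rule with one restricted to a single test workstation through a client.address= trigger, as described above. The address 192.0.2.25 and the trace file name are constructed placeholders.

```cpl
; Added example; 192.0.2.25 and workstation_trace.html are constructed placeholders.

; Unrestricted form (shown commented out): every transaction through the
; proxy is traced, so the extra processing cost applies to all production traffic.
; <Proxy>
;     trace.request(yes) trace.rules(all)

; Restricted form: only transactions from the test workstation match the
; client.address= trigger, so only those transactions are traced.
; Other clients match no rule in this layer and keep the default trace settings.
<Proxy>
    client.address=192.0.2.25 trace.request(yes) trace.rules(all) trace.destination(workstation_trace.html)
```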
While policy traces can show the rule evaluation behavior, they do not show the final effect of policy
actions like HTTP header or URL modifications. To see the result of these policy actions, it is often
useful to view the packets actually sent and received. The PCAP facility can be used in conjunction
with tracing to see the effect of the actions set by the matching rules.
Upgrade/Downgrade Issues
Specific upgrade/downgrade issues will be mentioned in the release notes accompanying your version
of SGOS. This section highlights general upgrade/downgrade issues related to policy written in CPL.
CPL Syntax Deprecations
As the power of CPL has increased, the CPL language has evolved. To allow continuous evolution, the
CPL language constructs are now more regular and flexible. Older language constructs have been
replaced with new constructs of equal or greater power.
However, this also implies that support for old language constructs will eventually be dropped to
help maintain the runtime efficiency of evaluation. As part of the migration strategy, the CPL
compilation warnings might include warnings regarding the use of deprecated constructs. This class
of warning is special, and indicates use of a CPL language element that will not be supported in the
next major release of SGOS. Eliminate deprecation warnings by migrating the policy identified by the
warning to more modern syntax, which is usually indicated in the warning message. Attempts to
upgrade to the next major release might fail, or result in a failure to load policy, unless all deprecation
warnings are eliminated.
Equal sign (=) | server_url.scheme=mms | Used to indicate the value a condition is to test.
Parentheses ( ) | service(no) | Used to enclose the value that a property is to be set to, or group components of a test.