Note  Filtering rules for NTLM and LDAP are defined on the Access Control > Authentication Realms tab and stored in the auth.config file.

Important  After you modify the file, run content_line -x from the Content Gateway bin directory (/opt/WCG/bin) to apply the changes. When you apply the changes to a node in a cluster, Content Gateway applies the changes to all nodes in the cluster.

Primary Destination Type	Allowed Value
dest_domain	A requested domain name
dest_host	A requested hostname
dest_ip	A requested IP address
url_regex	A regular expression to be found in a URL

Note  You can use more than one secondary specifier in a rule. However, you cannot repeat a secondary specifier.

Secondary Specifier	Allowed Value
time	A time range, such as 08:00-14:00
prefix	A prefix in the path part of a URL
suffix	A file suffix in the URL
src_ip	A single client IP address, or a client IP address range.
port	A requested URL port
method	A request URL method; one of the following: get post put trace
scheme	A request URL protocol. You can specify one of the following: HTTP HTTPS FTP (for FTP over HTTP only)
user_agent	A request header User-Agent value.

Action	Allowed Value
action	Specify one of the following: allow - to allow particular URL requests to bypass authentication. The proxy caches and serves the requested content. deny - to deny requests for HTTP or FTP objects from specific destinations. When a request is denied, the client receives an access denied message. radius - not supported.
keep_hdr	The client request header information that you want to keep. You can specify the following options: date host cookie client_ip
strip_hdr	The client request header information that you want to strip. You can specify the same options as with keep_hdr.
add_hdr	The custom header value you want to add. Requires specification of the custom header and a header value. For example: add_hdr="header_name:header_value"