Policy not matching when trying to control a URL containing a query string


Article ID: 166762


Updated On:


ProxySG Software - SGOS


You are trying to deny access to a specific URL but it doesn't seem to match, no matter how you configure rules in VPM. The URL contains a script with a query string (often recognizable by a question mark in the URL string).


The reason is that we only evaluate the actual resource. So for example let's take this URL:


If you use a regular or even advanced match for "mp3" the rule will always be missed. This is because the actual resource is http://www.testdomain.com/download.php (everything hereafter is the query substring).

In order to write policy while taking into account the query string, we have to write CPL code. Assuming we want to deny downloading the mp3 file, the CPL code is as follows:

url.domain=www.testdomain.com url.query.regex=".mp3" deny




This operation is not available in VPM but only via CPL. So you can either insert a CPL Layer in VPM (provided you are running an SGOS version that allows you to add a CPL layer) or you can add it to your local policy file.