Each proxy is an independent program that reads its own policy file. The file for each proxy consists of policy rules selected by the compiler. Rules may in turn reference data in the user database.
Each proxy follows a sequence of tests to determine whether a rule matches:
Does the source address of the packet fall within the source-address range in the policy rule?
Does the destination address of the final connection (the host that the user specifies) match the destination address in the policy rule?
If the policy rule requires user authentication, did the user authenticate correctly? Is that user enabled?
Is this (possibly anonymous) authenticated user included in the policy rule, either directly or by group membership?
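The sequence of tests above, written out as an added example; it is not the proxy's own code. The `Rule` and `User` shapes, the CIDR form of both address fields, and the representation of an unauthenticated client as a built-in `anonymous` user are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class User:                      # hypothetical user-database record
    name: str
    enabled: bool = True
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:                      # hypothetical compiled policy rule
    sources: str                 # CIDR range of permitted client addresses
    destinations: str            # CIDR range of permitted final destinations
    require_auth: bool = False
    users: frozenset = frozenset()
    groups: frozenset = frozenset()

# Assumption: an unauthenticated client is evaluated as this built-in user.
ANONYMOUS = User("anonymous")

def _within(addr, cidr):
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
    except ValueError:
        return False             # unparsable input fails closed

def evaluate(rule, src, dst, user=None, authenticated=False):
    """Apply the four tests in order; return 'match' or the test that failed."""
    if not _within(src, rule.sources):
        return "source"
    if not _within(dst, rule.destinations):
        return "destination"
    if rule.require_auth:
        if user is None or not authenticated:
            return "authentication"
        if not user.enabled:
            return "disabled"
    else:
        user = user if authenticated and user else ANONYMOUS
    if user.name in rule.users or user.groups & rule.groups:
        return "match"
    return "membership"

# Constructed sample data (documentation address ranges, invented names).
RULE = Rule("10.1.0.0/16", "192.0.2.0/24", True,
            frozenset({"alice"}), frozenset({"ops"}))
OPEN = Rule("10.1.0.0/16", "192.0.2.0/24", users=frozenset({"anonymous"}))
BOB = User("bob", groups=frozenset({"ops"}))
DISABLED_ALICE = User("alice", enabled=False)
```

Returning the name of the failed test rather than a bare boolean gives the proxy something specific to log when a connection is refused.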