Josh
I am not sure how best to explain this, but let me try.
This is again my understanding based on my experience fiddling around.
I think the way proxyrules is structured limits us to defining only one entry point. Once inside the loop, I can again have sub-conditions or rules / expressions (this can keep looping by creating further conditions or expressions). However, I cannot have 2 entry points defined within a single proxyrules.xml.
USECASE-1 : We would like to do traffic routing based on HOST NAME.
<!-- Proxy Rules-->
<nete:proxyrules xmlns:nete="http://www.ca.com/">
  <nete:cond type="host" criteria="equals">
    <nete:case value="sp1.krike02-test1.ca.com:80">
      <nete:forward>http://lodivm10se038:2000$1</nete:forward>
    </nete:case>
    <nete:case value="sp1.krike02-test1.ca.com:443">
      <nete:forward>http://lodivm10se038:2000$1</nete:forward>
    </nete:case>
    <nete:case value="sp2.krike02-test1.ca.com:80">
      <nete:forward>http://lodivm10se004:1000$1</nete:forward>
    </nete:case>
    <nete:default>
      <nete:forward>http://www.ca.com$0</nete:forward>
    </nete:default>
  </nete:cond>
</nete:proxyrules>
USECASE-2 : Now if someone asks me to add HTTP HEADERS into the above MIX and wants HTTP HEADERS to be evaluated as an entry point, i.e. Parent (same level as "host").
<!-- Proxy Rules-->
<nete:proxyrules xmlns:nete="http://www.ca.com/">
  <nete:cond type="host" criteria="equals">
    <nete:case value="sp1.krike02-test1.ca.com:80">
      <nete:forward>http://lodivm10se038:2000$1</nete:forward>
    </nete:case>
    <nete:case value="sp1.krike02-test1.ca.com:443">
      <nete:forward>http://lodivm10se038:2000$1</nete:forward>
    </nete:case>
    <nete:case value="sp2.krike02-test1.ca.com:80">
      <nete:forward>http://lodivm10se004:1000$1</nete:forward>
    </nete:case>
    <nete:default>
      <nete:forward>http://www.ca.com$0</nete:forward>
    </nete:default>
  </nete:cond>
  <nete:cond type="header" headername="SMAUTHDIRNAME">
    <nete:case value="ud_mssql_ud">
      <nete:forward>http://machinevm6128:1000$0</nete:forward>
    </nete:case>
    <nete:case value="ud_ad2k8">
      <nete:forward>http://machinevm6128:10001$0</nete:forward>
    </nete:case>
    <nete:default>
      <nete:forward>http://www.ca.com$0</nete:forward>
    </nete:default>
  </nete:cond>
</nete:proxyrules>
This fails to load the SPS, and it fails with "unable to parse proxyrules.xml".
[06/Apr/2015:15:57:14-524] [ERROR] - Proxy Rules: ** Proxy Rules Parsing Error **
[06/Apr/2015:15:57:14-524] [ERROR] - Proxy Rules: File: 'file:///C:/CA/secure-proxy/proxy-engine/conf/proxyrules.xml'
[06/Apr/2015:15:57:14-524] [ERROR] - Proxy Rules: Line: 34
[06/Apr/2015:15:57:14-524] [ERROR] - Proxy Rules: Message: The content of element type "nete:proxyrules" must match "(nete:description?,(nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))".
[06/Apr/2015:15:57:14-540] [ERROR] - Error while parsing proxy rules: C:\CA\secure-proxy\proxy-engine\conf\proxyrules.xml
org.xml.sax.SAXException: Error encountered
org.xml.sax.SAXParseException; systemId: file:///C:/CA/secure-proxy/proxy-engine/conf/proxyrules.xml; lineNumber: 34; columnNumber: 19; The content of element type "nete:proxyrules" must match "(nete:description?,(nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))".
at com.netegrity.proxy.rules.parser.ErrorHandlerImpl.error(ErrorHandlerImpl.java:78)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at com.netegrity.proxy.rules.parser.ProxyRuleParser.parseDoc(ProxyRuleParser.java:66)
at com.netegrity.proxy.rules.task.RuleWatcherTask.buildTree(RuleWatcherTask.java:84)
at com.netegrity.proxy.rules.task.RuleWatcherTask.doOnChange(RuleWatcherTask.java:94)
at com.netegrity.util.timer.task.AbstractFileWatcherTask.run(AbstractFileWatcherTask.java:81)
at com.netegrity.proxy.service.SmProxyRules.init(SmProxyRules.java:145)
at com.netegrity.proxy.service.SmProxyRules.init(SmProxyRules.java:106)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(Unknown Source)
at org.apache.catalina.core.StandardContext.filterStart(Unknown Source)
at org.apache.catalina.core.StandardContext.startInternal(Unknown Source)
at org.apache.catalina.util.LifecycleBase.start(Unknown Source)
at org.apache.catalina.core.ContainerBase$StartChild.call(Unknown Source)
at org.apache.catalina.core.ContainerBase$StartChild.call(Unknown Source)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.xml.sax.SAXParseException; systemId: file:///C:/CA/secure-proxy/proxy-engine/conf/proxyrules.xml; lineNumber: 34; columnNumber: 19; The content of element type "nete:proxyrules" must match "(nete:description?, nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))".
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
... 31 more
[06/Apr/2015:15:57:14-540] [ERROR] - The Secure Proxy Server Cannot Be Started Without a Valid Set Of Proxy Rules.
[06/Apr/2015:15:57:14-540] [ERROR] - You MUST Shutdown the Secure Proxy Server, Correct This Error, and Restart.
Hence my assumption that only one parent condition could exist in proxyrules.xml and the rest are all sub-conditions within the parent (i.e. Single Entry Point).
Hope this helps in understanding what I meant by limited by design.
Regards
Hubert
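A pre-deployment check for the root content model quoted in the parse error above, so that a second top-level condition is caught before the proxy is restarted. This is an added example, not part of the original post and not CA code: `lint_proxyrules` and the sample host names are hypothetical, the two rule files are constructed, and only the children of `nete:proxyrules` are checked, not the full DTD.

```python
import xml.etree.ElementTree as ET

NS = "http://www.ca.com/"  # namespace URI from the proxyrules.xml in the post
# Rule elements allowed directly under the root, per the SAX error message:
# (nete:description?,(nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))
RULE_TAGS = {"cond", "xprcond", "forward", "redirect", "local"}

def lint_proxyrules(xml_text):
    """Return a list of problems; an empty list means the root model holds."""
    try:
        root = ET.fromstring(xml_text)  # comments are dropped by the default parser
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS}}}proxyrules":
        return [f"unexpected root element {root.tag!r}"]
    names = [child.tag for child in root]
    if names[:1] == [f"{{{NS}}}description"]:
        names = names[1:]  # optional, and only allowed as the first child
    problems, rules = [], []
    for name in names:
        local = name.replace(f"{{{NS}}}", "", 1)
        if name.startswith(f"{{{NS}}}") and local in RULE_TAGS:
            rules.append(local)
        else:
            problems.append(f"{name} is not allowed directly under nete:proxyrules")
    if len(rules) != 1:
        problems.append(f"expected exactly 1 top-level rule, found {len(rules)}: {rules}")
    return problems

# Constructed sample input, condensed from the two use cases in the post.
HEAD = '<!-- Proxy Rules--><nete:proxyrules xmlns:nete="http://www.ca.com/">'
HOST_COND = """<nete:cond type="host" criteria="equals">
  <nete:case value="app1.example.test:80">
    <nete:forward>http://backend1.example.test:2000$1</nete:forward>
  </nete:case>
  <nete:default><nete:forward>http://fallback.example.test$0</nete:forward></nete:default>
</nete:cond>"""
HEADER_COND = """<nete:cond type="header" headername="SMAUTHDIRNAME">
  <nete:case value="ud_mssql_ud">
    <nete:forward>http://backend2.example.test:1000$0</nete:forward>
  </nete:case>
  <nete:default><nete:forward>http://fallback.example.test$0</nete:forward></nete:default>
</nete:cond>"""
SINGLE_ENTRY = HEAD + HOST_COND + "</nete:proxyrules>"
TWO_ENTRIES = HEAD + HOST_COND + HEADER_COND + "</nete:proxyrules>"

if __name__ == "__main__":
    for label, doc in (("single entry", SINGLE_ENTRY), ("two entries", TWO_ENTRIES)):
        print(label, "->", lint_proxyrules(doc) or "OK")
```
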