Implementing Exception Pages



Similar documents
Reverse Proxy with SSL - ProxySG Technical Brief

ProxySG ICAP Integration

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

ProxySG TechBrief Implementing a Reverse Proxy

Blue Coat Security First Steps Solution for Controlling HTTPS

Downloading and Configuring WebFilter

Creating Notification Policies: Coaching, Splash, and Compliance

Blue Coat Security First Steps Solution for Integrating Authentication

ProxySG TechBrief Enabling Transparent Authentication

Blue Coat Security First Steps Transparent Proxy Deployments

LDAP Authentication and Authorization

ProxySG TechBrief Downloading & Configuring Web Filter

Blue Coat Security First Steps Solution for Deploying an Explicit Proxy

Blue Coat Security First Steps Solution for Integrating Authentication Using LDAP

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.5.x and later

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.3.1

Blue Coat Security First Steps Solution for Controlling Web Applications

Blue Coat Systems. Client Manager Redundancy for ProxyClient Deployments

MadCap Software. Upgrading Guide. Pulse

User Identification and Authentication

Best Practices for Controlling Skype within the Enterprise. Whitepaper

Implementing SSL Offload with JAGUAR Ver.1.0

How to Configure a Secure Connection to Microsoft SQL Server

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

Blue Coat Security First Steps. Solution for HTTP Object Caching

Deploying the SSL Proxy

ISA Server Plugins Setup Guide

Proxy Forwarding Access Method

Threat Containment for Facebook

Blue Coat Security First Steps Solution for Streaming Media

Proxy Forwarding Access Method

ProxySG TechBrief LDAP Authentication with the ProxySG

NETWRIX EVENT LOG MANAGER

Adobe Marketing Cloud Bloodhound for Mac 3.0

Reverse Proxy Deployment Guide

ShoreTel Advanced Applications Web Utilities

LogLogic Blue Coat ProxySG Syslog Log Configuration Guide

Sage 200 Web Time & Expenses Guide

Sophos Mobile Control Installation guide. Product version: 3.5

CA Unified Infrastructure Management Server

SuperLumin Nemesis. Administration Guide. February 2011

Blue Coat ProxySG Authentication Guide. SGOS 6.5.x

LogLogic Cisco IPS Log Configuration Guide

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

NovaBACKUP. Storage Server. NovaStor / May 2011

IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES

Installing and Configuring vcloud Connector

Executive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting?

Fax User Guide 07/31/2014 USER GUIDE

Sophos Mobile Control SaaS startup guide. Product version: 6

Setting Up SSL on IIS6 for MEGA Advisor

SonicWALL SSL VPN 3.0 HTTP(S) Reverse Proxy Support

How to configure the Panda GateDefender Performa explicit proxy in a Local User Database or in a LDAP server

Server Installation Guide ZENworks Patch Management 6.4 SP2

SSL Intercept Mode. Certificate Installation Guide. Revision Warning and Disclaimer

Installation Guide for Pulse on Windows Server 2012

Sophos Mobile Control Installation guide. Product version: 3

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

WEBCONNECT INSTALLATION GUIDE. Version 1.96

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

Apache Server Implementation Guide

vcloud Director User's Guide

etoken Enterprise For: SSL SSL with etoken

CA Spectrum and CA Embedded Entitlements Manager

Wavecrest Certificate

SECURE ICAP Gateway. Blue Coat Implementation Guide. Technical note. Version /12/13. Product Information. Version & Platform SGOS 6.

IceWarp Notifier User Guide

Crystal Reports Installation Guide

A Guide to New Features in Propalms OneGate 4.0

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Enterprise Toolbar User s Guide. Revised March 2015

DEPLOYMENT GUIDE Version 1.0. Deploying F5 with the Oracle Fusion Middleware SOA Suite 11gR1

Decrypt Inbound SSL Traffic for Passive Security Device (D-H)

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

Transition Networks White Paper. Network Security. Why Authentication Matters YOUR NETWORK. OUR CONNECTION.

Microsoft Office 365 Using SAML Integration Guide

CA Performance Center

StarWind SMI-S Agent: Storage Provider for SCVMM April 2012

Quadro Configuration Console User's Guide. Table of Contents. Table of Contents

Quick Start Guide. Apptix Online Backup by Mozy (AOBM) Live Support:

Kaseya Server Instal ation User Guide June 6, 2008

Sophos Mobile Control Installation guide

Best Practices for Controlling Skype within the Enterprise > White Paper

SSL Proxy Deployment Guide

Installing and Configuring vcloud Connector

Managed Services PKI 60-day Trial Quick Start Guide

Installation Guide for Pulse on Windows Server 2008R2

RoomWizard Synchronization Software Manual Installation Instructions

2X SecureRemoteDesktop. Version 1.1

ez Agent Administrator s Guide

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Secure Web Appliance. SSL Intercept

Management Center. Installation and Upgrade Guide. Version 8 FR4

AusCERT Remote Monitoring Service (ARMS) User Guide for AusCERT Members

SMART Vantage. Installation guide

Application Control and URL Filtering

Web Security Firewall Setup. Administrator Guide

Aspera Connect User Guide

Installation Guide Supplement

ProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs

Transcription:

Technical Brief: Implementing Exception Pages Implementing Exception Pages SGOS 5 Series Developed using SGOS 5.3.1.4 What are Exception Pages? Exception pages are Web pages (messages sent to users under specific conditions. The ProxySG offers multiple built-in exception pages that you can modify for your company s particular needs. Default pages include authentication_failed, policy_denied, and so on (you can see the full list using the Management Console by going to Policy > Exceptions and clicking View for Current Exceptions. Additionally, you can define custom exception pages. These pages can reference substitution variables such as authenticated username, client IP address, time, date, and so on. This document describes how to create custom exception pages that can be used in a policy. Note: The Notify User action object available in policy allows for the customizing of the HTML users receive when the policy is triggered. These are created with combinations of policy and exception pages. For information on creating standard Coaching, Splash or Compliance notification policies and pages, see the ProxySG technical brief Creating Notification Policies: Coaching, Splash, and Compliance. Why Implement Exception Pages? Exception pages provide user feedback during error conditions as well as being a tool to implement advanced policies (such as notify actions. For example, you can create an exception page that warns users about the Web site they are attempting to access and sets a cookie so a different exception page (perhaps with a more severe warning for repeat offenders displays if the policy is triggered again. Or exception pages for common errors can be customized to provide end user troubleshooting/reporting instructions. How it works Exception pages are returned to a Web browser request in place of the requested content. When a policy rule s conditions are met, and the exception action enabled, the proxy returns the exception content with appropriate substitution variables to the end user. The browsing application treats this as a response from the origin server. Depending on the type of exception, the browser may display the contents of the page, follow a redirection URL to another page, or display an error message to the user. User transactions that result in an exception can be logged, allowing tracking of notification and other interactions as required by corporate policy. Installing Custom Exception Pages Overview Custom exception pages are implemented by first creating an HTML file with acceptable variables and installing it to your ProxySG, then launching the Visual Policy Manager (VPM and configuring a Web Access layer that specifies a Destination (the policy trigger, and an Action. Your Web Access Layer can also trigger the exception based on Source, (for a specific user or group, Time, or Service. Exceptions may only be returned on connections the ProxySG has intercepted. To do this, go to Services > Proxy Services, select the service (such as HTTP, set it to Intercept, and click Apply. For the exceptions to be successfully returned on HTTPS traffic as well, the service must be intercepting and an HTTPS-Intercept policy must trigger to decrypt the connection s SSL. In order to record the user reaction to the exception, access logging must be enabled. To do this, go to the Configuration > General > Access Logging page, select Enable Access Logging, and click Apply.

About the Default Proxy Policy On the Management Console Configuration > Policy > Policy Options page you can set the default policy option to Deny or Allow. The two options provide two different approaches; however, as the Return Exception action object does not modify the Allow or Deny state, the examples provided will function as expected within existing policy allow/deny settings. For more details on developing effective policies, see the Policy Best Practices tech brief. About the Variables The HTML code examples for the exception pages described in this document use a few common variables, defined below. For a full list of variables that may be used in policy messages, see the CPL Guide, Appendix D. Variable $(exception.details $(exception.contact $(client.address $(user $(url.host $(category Creates Detailed explanation text for the exception, often including other substitution variables such as the URL-hostname and category. The name/email of the of the policy administrator The IP Address of the requesting machine The name of the requestor The requested URL s hostname portion. This is suggested in place of the full URL to avoid cross-site-scripting attacks. The category of the requested URL About Exception Pages Exception pages are defined within a hierarchy. There are two main types of exception pages in the hierarchy: -> Built-in -> User-defined The general form of an exception definition is as follows: (exception.<exception-id> (contact "" ; defines the $(exception.contact variable (details "" ; the exception reason as $(exception.details (format ""; defines the format of the on HTML exception (help "" ; defines the $(exception.help variable (summary "" ; defines message for the $(exception.summary (http ; specific settings for HTTP/HTTPS exceptions (code "" ; HTTP response code (typically 200, 307, or 403 (contact "" ; HTML specific contact info (ex: mailto link (details "" ; HTML specific details text (format "" ; the HTML exception format with variables (help "" ; defines the $(exception.help variable text (summary ""; a short name for the exception: $(exception.summary

How to Implement Exception Pages There are two parts to implementing exception pages 1 Create the exception page as desired and install it on the ProxySG 2 Create a policy referencing the exception page Part 1 Create and Install an Exception Page Once you have created the HTML exception page that you want (an example page is provided in step 2 below you install it using the Blue Coat Management Console: 1 Go to Policy > Exceptions.

2 Select Text Editor from the Install Exceptions Definitions from dropdown list and click Install. The Edit and Install the Exceptions Definitions box appears. 3 Scroll down until you find the following section. Insert your user-defined exception before the last character where indicated below: (exception.user-defined.all (contact (details (format (help (summary (http (code "403" (contact (details (format (help (summary <------------------- insert your custom-defined HTML exception page here

The example below is called my_exception. In the indicated section described above, add the following code and customize to suit your needs: (exception.user-defined.my_exception (http (code "200" (format <<--myexception-- <html> <head> <title>denied Access Policy </title> <meta name="author" content="example Company"> <meta name="description" content="denied Access Policy"> </head> <body> <center> <font face="arial, Helvetica, sans-serif" size="4" color="red"><b>you are about to access the Internet from the Example Company Network <font face="arial, Helvetica, sans-serif" size="4" color="red">internet USAGE IS MONITORED AND LOGGED.</font> <font face="arial, Helvetica, sans-serif" size="3" color="red"><b> Your IP address: $(client.address <br>your username: $(user.name</b></font> <font face="arial, Helvetica, sans-serif" size="4" color="red">you HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT http://intranet.example.com/up.html For any comments email <A href='mailto:support@example.com?subject=barred web page $(url, IP address: $(client.address, User ID: $(user'>customer Service Center</a></font> </center> </body> </html> --myexception--

4 Once you have pasted the code, click Install to save your changes. 5 Click OK when you see the following successful installation message.

Part 2 Create a Policy Referencing the Exception Page 1 Open the Visual Policy Manager from the Blue Coat Management Console: Go to Policy > Visual Policy Manager and click Launch. 2 In the Policy menu, click Add Web Access Layer to create a Web access policy. Name the layer appropriately, and click OK. NOTE: To help maintain scalability, Blue Coat recommends giving relevant names to layers and objects. 3 To define the action which returns your user-defined exception, right-click the Action setting and select Set. The Set Action Object box appears.

4 Click New and select Return Exception. The Add Return Exception Object box appears. 5 Select User-defined exception, pick your custom exception from the drop-down list, and click OK to return to the Set Action Object box. 6 The Set Action Object dialog appears with the newly defined action object. Click OK again to set the action object and return to the Visual Policy Manager.

7 Click Install Policy to install, and then click OK in the confirmation box. Close the Visual Policy Manager. Test the exception page To test the exception page, go to a URL denied by your policy and you see the custom HTML page; an example is shown here: Conclusion The Blue Coat ProxySG allows you to utilize exception pages to warn, advise, or require compliance from users. The administrator can make use of built-in exception pages that are pre-defined by the operating system or they can create their own custom exception pages. The ProxySG provides flexibility for a company to control users when accessing Web pages ensuring greater user productivity and compliance with corporate security policies. Blue Coat Systems, Inc. www.bluecoat.com Corporate Headquarters Sunnyvale, CA USA // +1.408.220.2200 EMEA Headquarters Hampshire, UK // +44.1252.554600 APAC Headquarters Hong Kong // +852.3476.1000 Copyright 2009 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, ProxyClient and BlueSource are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.tb-implement_exception_pages-v3-0309

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information