Compliance on Blue Coat
Here’s a method to display a Policy Acceptance page in a user’s browser on a policy match. Blue Coat calls this by-category interception a ‘coaching’ page. A time-based cookie is set after the user clicks ‘Accept’, and although the access logs do not specifically say “the user clicked ‘Accept’”, options are available to meet a varying range of requirements. I’ll let you do your own research, though my preference has been to configure a combined action in the VPM that logs the user clicking ‘Accept’ to a custom access log named “PolicyAccepted” and also sends it to an SNMP server or by email to compliance.
Formatted text:
FIRM NAME, L.P. , <logo>
Notice: Access to this resource is for authorized use only.
Your IP address: $(client.address)
Your username: $(user)
The requested URL host is: $(url.host) categorized as: File Sharing.
Your access to the Business-to-Business service is provided on the following terms:
(1) This resource is for authorized use only. Authorized persons may only use these computer resources for approved business purposes.
(2) Misuse or misappropriation of such resources will lead to disciplinary action.
(3) The Firm reserves the right to monitor and audit electronic communications at any time for appropriate business usage, standards and compliance with the ELECTRONIC COMMUNICATIONS POLICY detailed in the Firm’s Compliance Manual.
By clicking Accept you acknowledge that you will be accessing a ‘File Sharing’ site for the purposes of retrieving data from your client.
<accept button>
Unformatted text:
define string __CoachB2B_format
<html>
<head>
<title>Compliance Notice</title>
<script>
function Accept() {
}
</script>
</head>
<body>
<!-- REPLACE THE FOLLOWING WITH YOUR MESSAGE -->
<p><b><span style='color:darkorange'>FIRM, L.P.</span></b></p>
<p><b>Notice:</b> Access to this resource is for authorized use only.</p>
<br>
<p>Your IP address: <b>$(client.address) </b><br>
<br>
Your username: <b>$(user) </b><br>
<br>
The requested URL host is: <b>$(url.host) </b> categorized as: <i>File Sharing</i>. </p>
<br>
Your access to the Business-to-Business service is provided on the following terms:
<br><br>
(1) This resource is for authorized use only. Authorized persons may only use these computer<br>
resources for approved business purposes.
<br><br>
(2) Misuse or misappropriation of such resources will lead to disciplinary action.
<br><br>
(3) The Firm reserves the right to monitor and audit electronic communications at any time for<br>
appropriate business usage, standards and compliance with the ELECTRONIC COMMUNICATIONS POLICY<br>
detailed in the <a href="http://intranet/compliance/_MANUAL.pdf">Firm's Compliance Manual</a>.
<br><br><br>
By clicking Accept you acknowledge that you will be accessing a File Sharing site for the purposes<br>
of retrieving data from your client.
<br>
<!-- The following is the Accept button, which you can customize. -->
<p><form action="$(exception.details)" method="post">
<input type=submit value="Accept" onclick="Accept()" >
</form>
</body>
</html>
This policy states that if the user is part of the B2B-Group and the destination URL is in the B2B-SHARE category, the Coaching action is performed.
;; Description: Combined-B2B-Group
define condition __CondList1Combined-B2B-Group
condition=__GROUP6
condition=__USER1
condition=__USER2
condition=__USER43
condition=__USER41
end condition __CondList1Combined-B2B-Group
define condition Combined-B2B-Group
condition=__CondList1Combined-B2B-Group
end condition Combined-B2B-Group
define condition B2B-SHARE
url.category=("L-B2B-SHARE")
end condition B2B-SHARE
define proxy policy CoachB2B
<proxy>
condition=__CoachB2B_should_notify \
action.__CoachB2B_original_to_notify(yes)
end
The policy checks several conditions before any action is taken for the user.
define action __CoachB2B_accepted_to_verify
request_redirect(302,
'(.*)/accepted-CoachB2B\?(.*)',
'$(1)/verify-CoachB2B?$(2)')
set(exception.response.header.Set-Cookie,
'notified-CoachB2B=1 $(url.cookie_domain)')
set(exception.response.header.P3P, 'CP="NOI CUR OUR NOR STA"')
end
define action __CoachB2B_accepted_to_original
request_redirect(302,
'(.*)/accepted-CoachB2B\?(.*)',
'$(2:decode_base64)')
end
define action __CoachB2B_verify_to_original
request_redirect(302, '(.*)/verify-CoachB2B\?(.*)', '$(2:decode_base64)')
end
define action __CoachB2B_verify_to_verify2
request_redirect(302,
'(.*)/verify-CoachB2B\?(.*)',
'$(1)/verify2-CoachB2B?$(2)')
set(exception.response.header.Set-Cookie,
'notified-CoachB2B=1')
set(exception.response.header.P3P, 'CP="NOI CUR OUR NOR STA"')
end
define action __CoachB2B_verify2_to_original
request_redirect(302, '(.*)/verify2-CoachB2B\?(.*)', '$(2:decode_base64)')
end
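To reconstruct from proxy logs which destination a user acknowledged, the redirect actions above can be replayed offline. This is an added Python example, not part of the original policy; it assumes the query token is standard base64 of the full original URL, and the hostnames and sample log URLs are constructed.

```python
import base64
import re
from urllib.parse import urlsplit

DECODE = object()  # stands for CPL's $(2:decode_base64)
# Patterns transcribed from the request_redirect() actions; \1 and \2 are $(1) and $(2).
ACTIONS = {
    "accepted_to_verify": (r"(.*)/accepted-CoachB2B\?(.*)", r"\1/verify-CoachB2B?\2"),
    "accepted_to_original": (r"(.*)/accepted-CoachB2B\?(.*)", DECODE),
    "verify_to_original": (r"(.*)/verify-CoachB2B\?(.*)", DECODE),
    "verify_to_verify2": (r"(.*)/verify-CoachB2B\?(.*)", r"\1/verify2-CoachB2B?\2"),
    "verify2_to_original": (r"(.*)/verify2-CoachB2B\?(.*)", DECODE),
}

def decode_original(token):
    """Decode the query token; None unless it is base64 of an http(s) URL (assumed encoding)."""
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        parts = urlsplit(raw.decode("utf-8"))
    except ValueError:  # bad base64, bad UTF-8 or an unparsable URL
        return None
    ok = parts.scheme in ("http", "https") and parts.netloc
    return parts.geturl() if ok else None

def apply_action(name, url):
    """Return the 302 Location the named action would produce, or None if it does not apply."""
    pattern, target = ACTIONS[name]
    m = re.fullmatch(pattern, url)
    if m is None:
        return None
    return decode_original(m.group(2)) if target is DECODE else m.expand(target)

def accepted_destinations(logged_urls):
    """Pair each logged accepted-CoachB2B URL with the destination the user acknowledged."""
    pattern = ACTIONS["accepted_to_original"][0]
    hits = [u for u in logged_urls if re.fullmatch(pattern, u)]
    return [(u, apply_action("accepted_to_original", u)) for u in hits]

# Constructed sample data: hostnames, path and log URLs are not from the page.
ORIGINAL = "https://files.example.com/client/data.zip"
TOKEN = base64.b64encode(ORIGINAL.encode()).decode()
SAMPLE_LOG_URLS = [
    f"https://files.example.com/accepted-CoachB2B?{TOKEN}",
    "https://files.example.com/accepted-CoachB2B?not*base64",  # undecodable: review by hand
    "https://files.example.com/index.html",                    # not a coaching URL
]

if __name__ == "__main__":
    for logged, dest in accepted_destinations(SAMPLE_LOG_URLS):
        print(logged, "->", dest or "UNDECODABLE TOKEN")
```

A `None` destination means the token did not decode to an http(s) URL, which is worth a manual look in a compliance review.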
Result: