Compliance on Blue Coat

Created On
Last Updated On
byJohn Lambrou
You are here:
< All Topics
Table of Contents

Here’s a method to display a Policy Acceptance page to a user’s browser on a policy match. Blue Coat calls this By Category interception a ‘coaching’ page. The time-based-cookie is set after the user clicks ‘accept’ and although the access-logs do not specifically say “the user clicked ‘Accept”’, options are available to meet varying range of requirements. I’ll let you do your own research, though my preference has been to configure a combined action in the VPM to log the user clicking ‘accept’ to a custom access-log named “PolicyAccepted” as well as send this to an SNMP server or email to compliance.

Formatted text:

FIRM NAME, L.P. , <logo>

Notice: Access to this resource is for authorized use only.

Your IP address: $(client.address)

Your username: $(user)

The requested URL host is: $(url.host) categorized as: File Sharing.


Your access to the Business-to-Business service is provided on the following terms:

      (1) This resource is for authorized use only. Authorized persons may only use these computer resources for approved business purposes.

      (2) Misuse or misappropriation of such resources will lead to disciplinary action.

      (3) The Firm reserves the right to monitor and audit electronic communications at any time for appropriate business usage, standards and compliance with the ELECTRONIC COMMUNICATIONS POLICY  detailed in the Firm’s Compliance Manual.

By clicking Accept you acknowledge that you will be accessing a ‘File Sharing’ site for the purposes of retrieving data from your client.

<accept button>



Unformatted text:

define string __CoachB2B_format
<html>
<head>
<title>Compliance Notice</title>
<script>
function Accept() {
}
</script>
</head>
<body>
<!-- REPLACE THE FOLLOWING WITH YOUR MESSAGE -->
<p><b><span style='color:darkorange'>FIRM, L.P.</span></b></p>
<p><b>Notice:</b> Access to this resource is for authorized use only.</p>
<br>
<p>Your IP address: <b>$(client.address) </b><br>
<br>
Your username: <b>$(user) </b><br>
<br>
The requested URL host is: <b>$(url.host) </b> categorized as: <i>File Sharing</i>. </p>

<br>
Your access to the Business-to-Business service is provided on the following terms:
<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (1) This resource is for authorized use only.  Authorized persons may only use these computer<br> 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; resources for approved business purposes.  
<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (2) Misuse or misappropriation of such resources will lead to disciplinary action.
<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (3) The Firm reserves the right to monitor and audit electronic communications at any time for<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; appropriate business usage, standards and compliance with the ELECTRONIC COMMUNICATIONS POLICY<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; detailed in the <a href="http://intranet/compliance/_MANUAL.pdf">Firm's Compliance Manual</a>.
<br><br><br>

By clicking Accept you acknowledge that you will be accessing a File Sharing site for the purposes<br> 
of retrieving data from your client. 
<br>

<!-- The following is the Accept button, which you can customize. -->
<p><form action="$(exception.details)" method="post">
 <input type=submit value="Accept" onclick="Accept()" >
 </form>
</body>
</html>

This policy defines that if User is part of the B2B-Group and destination URL is part of the B2B-SHARE category, then perform the Coaching action.

;; Description: Combined-B2B-Group
define condition __CondList1Combined-B2B-Group
	condition=__GROUP6
	condition=__USER1
	condition=__USER2
	condition=__USER43
	condition=__USER41
end condition __CondList1Combined-B2B-Group

define condition Combined-B2B-Group
	condition=__CondList1Combined-B2B-Group	
end condition Combined-B2B-Group

define condition B2B-SHARE
	url.category=("L-B2B-SHARE")
end condition B2B-SHARE

define proxy policy CoachB2B
    <proxy>
        condition=__CoachB2B_should_notify \
            action.__CoachB2B_original_to_notify(yes)
end

The policy checks for several conditions before any action to user is performed.

define action __CoachB2B_accepted_to_verify
    request_redirect(302,
        '(.*)/accepted-CoachB2B\?(.*)',
        '$(1)/verify-CoachB2B?$(2)')
    set(exception.response.header.Set-Cookie,
        'notified-CoachB2B=1 $(url.cookie_domain)')
    set(exception.response.header.P3P, 'CP="NOI CUR OUR NOR STA"')
end
define action __CoachB2B_accepted_to_original
    request_redirect(302,
        '(.*)/accepted-CoachB2B\?(.*)',
        '$(2:decode_base64)')
end
define action __CoachB2B_verify_to_original
    request_redirect(302, '(.*)/verify-CoachB2B\?(.*)', '$(2:decode_base64)')
end
define action __CoachB2B_verify_to_verify2
    request_redirect(302,
        '(.*)/verify-CoachB2B\?(.*)',
        '$(1)/verify2-CoachB2B?$(2)')
    set(exception.response.header.Set-Cookie,
        'notified-CoachB2B=1')
    set(exception.response.header.P3P, 'CP="NOI CUR OUR NOR STA"')
end
define action __CoachB2B_verify2_to_original
    request_redirect(302, '(.*)/verify2-CoachB2B\?(.*)', '$(2:decode_base64)')
end

Result:

Close Bitnami banner
Bitnami