Blue Coat Security First Steps Solution for Exception Pages


Blue Coat Security First Steps Solution for Exception Pages SGOS 6.5

Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU. Americas: Blue Coat Systems, Inc. 420 N. Mary Ave. Sunnyvale, CA 94085 Rest of the World: Blue Coat Systems International SARL 3a Route des Arsenaux 1700 Fribourg, Switzerland

Contents

Third Party Copyright Notices
Solution: Create Custom Exception Pages
   Set Services to Intercept
      Transparent Proxy Services
      Explicit Proxy Services
   Design a Custom Exception Page
   Install a Custom Exception Page
   Create Policy for a Custom Exception Page
   Test a Custom Exception Page
Exception Page Troubleshooting
   Why are my HTML tags displaying in my browser?
   How can I view the exception page I created?
   Why doesn't the content of my exception page display?
   Why can't I delete my custom exceptions page?

Creating Custom Exception Pages

Solution: Create Custom Exception Pages

An exception page is an HTML page that appears in a user's web browser after the user has tried to access a website to which the company has blocked access. For example, if the company has a policy that blocks the Shopping URL category and a user attempts to go to amazon.com, an exception page displays instead of the Amazon website.

The ProxySG offers built-in exception pages and allows you to create custom exception pages. To create a custom exception page, perform the following tasks:

1. Design a Custom Exception Page
2. Install a Custom Exception Page
3. Create Policy for a Custom Exception Page
4. Test a Custom Exception Page

Note: This solution assumes that you have HTTP and/or HTTPS set to intercept.

Set Services to Intercept

In transparent ProxySG deployments, Internet applications aren't aware that the proxy is in the network, so the ProxySG has to monitor the ports used for their traffic. The most common ports are 80 (HTTP), 443 (HTTPS), and 1935 (RTMP).

Caution: Any transparent traffic that doesn't have a proxy service set to intercept will pass through the proxy's interfaces unfiltered.

For explicit proxy deployments, client browsers direct all traffic to the appliance on the same port (typically 80 or 8080). When explicit traffic is intercepted, the appliance uses an advanced protocol detection method to identify the type of traffic (HTTP, HTTPS, RTMP, and so on) and handles it according to the standards for that traffic.

Transparent Proxy Services

1. In the Management Console, select Configuration > Services > Proxy Services.
2. Under Predefined Service Groups, expand the Standard group. A list of services displays.
3. Locate the service you want to set to Intercept.
4. From the drop-down menu next to the service, select Intercept. In this example, the HTTPS service is set to Intercept.

5. Repeat steps 3 and 4 for each additional service you want to intercept.
6. (Optional) To intercept traffic types that are not predefined:
   a. Click New Service.
   b. Enter a name for the service and select the service group under which the new service will be listed.
   c. Select a proxy type from the Proxy drop-down menu. This menu lists all of the types of traffic the ProxySG understands. If the type of traffic you are intercepting is not listed, select TCP Tunnel.
      Caution: Tunneled traffic can only be controlled based on the information contained in the TCP header of the request: client IP, destination IP, and source and destination ports.
   d. Click Edit/Add Listeners. The New Listener dialog displays.

   e. In the Port range field, enter the port your application uses to communicate.
   f. Ensure that the Action field is set to Intercept and click OK.
   g. If enabled, uncheck Enable ADN.

   h. Click OK.
7. Click Apply. The appliance confirms your changes.

Explicit Proxy Services

1. In the Management Console, select Configuration > Services > Proxy Services.
2. Under Predefined Service Groups, expand the Standard group. A list of services displays.
3. Locate Explicit HTTP, select it, and click Edit Service.
4. Enable Detect Protocol.
5. Under Listeners, set the explicit proxy ports (8080 and/or 80) to Intercept.

6. Click OK and Apply. The appliance confirms your changes.

Design a Custom Exception Page

Exception pages are rendered in HTML. To design a custom exception page, you need to create an HTML page to display your customized exception message. The HTML page you design displays when users try to access content for which a blocking policy has been created. This topic discusses the process of designing your custom exception page using HTML code.

1. Copy the following HTML code.

    <!DOCTYPE html>
    <html>
    <head>
    <title>Denied Access Policy</title>
    <meta name="author" content="Your Company Name Here">
    <meta name="description" content="Denied Access Policy">
    <meta name="category" content="$(exception.category)">
    </head>
    <body>
    <center>
    <!-- Absolute URL: the logo is hosted externally, not on the ProxySG -->
    <img src="http://www.yourcompany.com/images/nameofimage.jpg" /><br>
    <p>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from: Your Company Network</b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font><br>
    <font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b>Your IP address: 123.45.67.89 <!--$(client.address)--><br>
    Your username: Jane Smith <!--$(user.name)--></b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT: http://intranet.example.com/up.html</font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">This has been reported by: Your Proxy Name <!--$(proxy.name)--><br>
    For any comments email <a href='mailto:YourCompany@example.com?subject=Barred web page <!--$(url)-->, IP address: <!--$(client.address)-->, User ID: <!--$(user)-->'>Customer Service Center</a></font>
    </p>
    </center>
    </body>
    </html>

   Note: Errors can occur if <opening tags> are not followed by </closing tags>, resulting in the improper rendering of your exception page content.

2. Paste the copied HTML code into your HTML editor. Each tag is designed to hold a particular type of text, and it's important that you use each tag according to that purpose. Below is a close-up of each tag that needs to be modified to fit your exception page needs.

   a. Edit the title of the exception page by removing the text between the opening and closing title tags, and replacing that text with the name of the exception page you are creating.

    <title>Exception Page Title</title>

   b. Edit the meta data tags to represent your company name and the name of the exception.

    <meta name="author" content="Your Company Name Here">
    <meta name="description" content="Denied Access Policy">

   c. Edit the image tag to include your company logo.

    <img src="http://www.yourcompany.com/images/nameofimage.jpg" />

      Note: You cannot download your company logo or other graphics onto the ProxySG. You can, however, reference graphics from an externally hosted source, as shown in the above example.

   d. Edit the text between the opening and closing <font> tags to create your desired exception message. The font tags below display the body of your exception message.

    <font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from the Your Company Network</b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font><br>
    <font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b>Your IP address: 123.45.67.89 <!--$(client.address)--><br>
    Your username: <!--$(user.name)--></b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT http://intranet.example.com/up.html</font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">This has been reported by <!--$(proxy.name)--><br>
    For any comments email <a href='mailto:yourcompany@example.com?subject=barred web page <!--$(url)-->, IP address: <!--$(client.address)-->, User ID: <!--$(user)-->'>Customer Service Center</a></font>

      Note: When you encounter a variable name such as $(client.address) enclosed in a comment, such as <!--$(client.address)-->, you can remove the comment markers so that the page displays the information contained in the variable. You can delete the commented variables if you never intend to display the information.

   e. Edit the font tag itself to change the font type, size and color. To do so, change the attributes named face, size and color. For example, to change the size of the font to 7, change the attribute from size="3" to size="7". Each attribute's value must be surrounded by quotes; otherwise the HTML does not render as desired.

    <font face="arial, Helvetica, sans-serif" size="3" color="red"><b>Your IP address: $(client.address)<br>
    Your username: $(user.name)</b></font><br>

3. Save the file with the .html file extension.

Substitution variables are predefined variables that can be included in your exception page. When referenced in your HTML code, these variables are replaced with their values when the exception page is displayed to the user. The most commonly used substitution variables are listed below.

    Variable                 Description
    $(exception.category)    The category of the requested URL
    $(user)                  The name of the requester
    $(url.host)              The requested URL's host name portion
    $(proxy.name)            The name of the ProxySG
    $(client.address)        The IP address of the client

A full list of variables can be found in the CPL guide, Appendix D.

Next Step: Install a Custom Exception Page

Install a Custom Exception Page

Before you begin this step, be sure that you have completed the steps in the topic Design a Custom Exception Page. Use the command line interface to install the custom exception page you created.

1. Use a remote login utility (such as PuTTY) to access the command line interface.
2. Enter the following CLI commands:

    SG# enable
    Enable Password:
    SG# conf t
    SG#(config) exceptions
    SG#(config exceptions) create my_exception
     ok
    SG#(config exceptions) edit my_exception
    SG#(config exceptions user-defined.my_exception) inline format EOF

3. Copy the code from your HTML file and paste that code into the command line.
4. After you have pasted in the HTML code, type EOF to signal the end of your code. The CLI responds with ok.

Once you have entered your CLI commands and HTML code into the CLI, your screen should be similar to the example below.

5. Assign an HTTP response status code to your custom exception page by entering the following command:

    SG#(config exceptions user-defined.my_exception) http-code <code#>
     ok

   where <code#> is one of the following HTTP status codes: 302, 307, 403. (403 is probably the most common when creating policy for blocked URL categories.)

    Status Code    Description
    302            The requested URL was temporarily changed but the same URL should be used in the future.
    307            The URL was temporarily moved. The new URL should be given.
    403            Access forbidden.

Next Step: Create Policy for a Custom Exception Page

Create Policy for a Custom Exception Page

To reference the custom exception page you have created, you need to create policy. By creating policy, you instruct the ProxySG how to handle the exceptions being processed.

1. Log in to the ProxySG Management Console.
2. Select Configuration > Policy > Visual Policy Manager > Launch to open the Visual Policy Manager.
3. Select Policy > Web Access Layer.
4. In the Add New Layer pop-up dialog, enter a name for the Web Access layer.
5. To define the action that returns your custom exception, right-click the Action setting and select Set. The Set Action Object dialog displays.

6. Select New > Return Exception from the Set Action Object dialog. The Add Return Exception dialog displays.
7. Select User-defined exception from the Add Return Exception dialog.
8. Select the custom exception you created from the drop-down list.
9. Select OK.
10. Select OK.
11. Select Install Policy.
12. Select OK in the confirmation dialog.
13. Close the Visual Policy Manager.

Next Step: Test a Custom Exception Page

Test a Custom Exception Page

To test your custom exception page, go to a URL denied by your policy. For example, if the Shopping category is blocked, go to amazon.com. You should see the custom exception page you created.

Exception Page Troubleshooting

Why are my HTML tags displaying in my browser?
How can I view the exception page I created?
Why doesn't the content of my exception page display?
Why can't I delete my custom exceptions page?

Why are my HTML tags displaying in my browser?

Problem: When I click "View Sample HTML" from the Management Console, my content displays but fragments of HTML tags mistakenly display as well.

Resolution: When you code HTML, all tags and characters must have opening and closing characters to match. For example, every <opening tag> must have a matching </closing tag>. Similarly, all "" and <> need to be properly opened and closed. If you do not do this, HTML renders improperly in various ways: colors may not display correctly, a blank page may display, or images may appear broken.

1. Open the HTML file containing your exception page code in a text editor. Study the code to make sure all opening tags have matching closing tags. Look for other errors (such as typing mistakes) in your tags. Correct any errors you find.
2. Log in to your CLI console using a remote log-in utility.
3. To edit the exception page, enter the following commands. (The inline command takes the format keyword before the end marker, as in Install a Custom Exception Page.)

    SG# config
    SG# exceptions
    SG# edit name_of_exception
    SG# inline format EOF

4. Copy the HTML code from the file you edited in step 1 above.
5. Paste the HTML code into your CLI console.
6. Type EOF and press Enter.

Note: You can test your HTML before copying it into the console by right-clicking the file and opening it with your browser of choice.

How can I view the exception page I created?

Problem: I would like to see a preview of my custom exception page.

Resolution:

1. Open the Management Console and select Configuration > Policy > Exceptions.
2. Select View File > Exception Configuration > View.
3. Choose the exception you would like to view from the User-Defined list. Click "View Sample HTML". The custom exception page opens in a new window.
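The tag-matching and quoting checks that "Why are my HTML tags displaying in my browser?" and the Design topic ask you to do by eye can be run as a script before the page is pasted into the CLI. This is an added example, not Blue Coat code: the function names and the sample page are constructed here, and the marker check assumes the CLI stops reading the paste wherever the marker text occurs.

```python
import re
from html.parser import HTMLParser

# Void elements take no closing tag, so they are not tracked.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
VAR = re.compile(r"\$\(([\w.\-]+)\)")          # e.g. $(client.address)
COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
QUOTED = re.compile(r'"[^"]*"|\'[^\']*\'')


class TagBalance(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.problems = [], []   # stack holds (tag, line) still open

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        # Blank out quoted values, then look for '=' followed by a bare value.
        bare = QUOTED.sub('""', self.get_starttag_text())
        if re.search(r'=\s*[^"\s>]', bare):
            self.problems.append(f"line {line}: <{tag}> has an unquoted attribute value")
        if tag not in VOID:
            self.stack.append((tag, line))

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if tag not in [t for t, _ in self.stack]:
            self.problems.append(f"line {self.getpos()[0]}: </{tag}> has no opening tag")
            return
        # Anything opened after the matching tag was left unclosed.
        while self.stack[-1][0] != tag:
            name, line = self.stack.pop()
            self.problems.append(f"line {line}: <{name}> is never closed")
        self.stack.pop()


def lint_exception_page(html, eof_marker="EOF"):
    """Return tag/quote problems and the substitution variables in use."""
    parser = TagBalance()
    parser.feed(html)
    parser.close()
    problems = parser.problems + [
        f"line {line}: <{name}> is never closed" for name, line in parser.stack]
    # Assumption: the CLI stops reading the inline paste at the marker text,
    # so the marker must not occur anywhere inside the page.
    for n, text in enumerate(html.splitlines(), 1):
        if eof_marker in text:
            problems.append(f"line {n}: contains the inline marker {eof_marker!r}")
    return {"problems": problems,
            "active_vars": VAR.findall(COMMENT.sub("", html)),
            "commented_vars": [v for c in COMMENT.findall(html)
                               for v in VAR.findall(c)]}


# Constructed sample with the kinds of defects the troubleshooting topic names.
SAMPLE = """<html>
<head><title>Denied Access Policy</title>
<meta name="category" content="$(exception.category)"></head>
<body>
<p>
<font face="Arial" size=4 color="red"><b>Your IP address: <!--$(client.address)--></font><br>
<font face="Arial" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE.<front><br>
Reported by: $(proxy.name)
</p>
</body>
</html>
"""

if __name__ == "__main__":
    report = lint_exception_page(SAMPLE)
    print("\n".join(report["problems"]), report["active_vars"], report["commented_vars"])
```

The commented_vars list shows which variables are still wrapped in comment markers, so you can confirm that only the client details you intend to show appear on the page.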

Why doesn't the content of my exception page display?

Problem: When I view my HTML output in the Management Console viewer, I am only able to see the name of the exception page I created. The image below is how my browser displays my custom exception page.

Resolution: When you name your custom exception page, it is not necessary to precede the name with "user-exception." If you have mistakenly preceded the name of your exception with "user-defined," you need to delete it so that you can recreate the exception. You can do that by following the procedures listed in the Why can't I delete my custom exceptions page? topic. After deleting the misnamed exception, you can create a new custom exception page, with the correct name, by following the procedures in the Solution: Create Custom Exception Pages topic.

Why can't I delete my custom exceptions page?

Problem: I cannot delete the custom exception page I created.

Resolution: Custom exception pages that are referenced by policy cannot be deleted. In order to delete your custom exception page, you must first delete the policy that references the custom exception you wish to delete. Once you have deleted the policy, you can delete the custom exception.

1. Log in to the Management Console.
2. Select Configuration > Visual Policy Manager > Launch.
3. In the VPM, right-click the tab of the policy layer you wish to delete.
4. Click Delete Layer or Rule.
5. Click Yes to confirm the deletion.
6. Close the VPM.

Once the above instructions are complete, you can delete the custom exception.

1. Log in to your CLI console using a remote log-in utility.
2. Enter the following CLI commands.

    SG# config
    SG# exceptions
    SG# edit name_exception
    SG# delete name_exception
     ok