Blue Coat ProxySG First Steps Solution for Exception Pages SGOS 6.7


Legal Notice Copyright 2018 Symantec Corp. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Blue Coat, and the Blue Coat logo are trademarks or registered trademarks of Symantec Corp. or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. SYMANTEC CORPORATION PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 www.symantec.com 3/12/2018

Contents

Solution: Create Custom Exception Pages
    Set Services to Intercept
    Design a Custom Exception Page
    Install a Custom Exception Page
    Create Policy for a Custom Exception Page
    Test a Custom Exception Page
Exception Page Troubleshooting
    Why are HTML tags displaying in my browser?
    How can I view the exception page I created?
    Why doesn't the content of my exception page display?
    Why can't I delete my custom exceptions page?

Solution: Create Custom Exception Pages

An exception page is an HTML page that appears in a user's web browser after the person has tried to access a website that the company has blocked. For example, if the company has a policy that blocks the Shopping URL category and a user attempts to go to amazon.com, an exception page displays instead of the Amazon website.

The ProxySG offers built-in exception pages and allows you to create custom exception pages. The steps below are the tasks you need to perform in order to create custom exception pages.

Steps

1. "Design a Custom Exception Page" below.
2. "Install a Custom Exception Page".
3. "Create Policy for a Custom Exception Page".
4. "Test a Custom Exception Page".

Set Services to Intercept

In transparent ProxySG deployments, Internet applications aren't aware that the proxy is in the network, so the ProxySG has to monitor the ports used for their traffic. The most common ports are 80 (HTTP), 443 (HTTPS), and 1935 (RTMP). Any transparent traffic that doesn't have a proxy service set to intercept will pass through the proxy's interfaces unfiltered.

For explicit proxy deployments, client browsers direct all traffic to the appliance on the same port (typically 80 or 8080). When explicit traffic is intercepted, the appliance uses an advanced protocol detection method to identify the type of traffic (HTTP, HTTPS, RTMP, and so on) and handles it according to the standards for that traffic.

Open the Proxy Services page (Configuration > Services > Proxy Services) and set the desired services to Intercept.

Design a Custom Exception Page

Exception pages are rendered in HTML. To design a custom exception page, you need to create an HTML page to display your customized exception message. The HTML page you design displays when users try to access content for which a blocking policy has been created.
This topic discusses the process of designing your custom exception page using HTML code.

1. Copy the following HTML code.

    <!DOCTYPE html>
    <html>
    <head>
    <title>Denied Access Policy</title>
    <meta name="author" content="Your Company Name Here">
    <meta name="description" content="Denied Access Policy">
    <meta name="category" content="$(exception.category)">
    </head>
    <body>
    <center>
    <img src="https://www.yourcompany.com/images/nameofimage.jpg" /><br>
    <p>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from: Your Company Network</b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font><br>
    <font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b>Your IP address: 123.45.67.89 <!--$(client.address)-->
    <br>Your username: Jane Smith <!--$(user.name)--></b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT: http://intranet.example.com/up.html</font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">This has been reported by: Your Proxy Name <!--$(proxy.name)--><br>
    For any comments email <a href='mailto:YourCompany@example.com?subject=Barred web page <!--$(url)-->, IP address: <!--$(client.address)-->, User ID: <!--$(user)-->'>Customer Service Center</a></font>
    </p>
    </center>
    </body>
    </html>

   Errors can occur if <opening tags> are not followed by </closing tags>, resulting in the improper rendering of your exception page content.

2. Paste the copied HTML code into an HTML or text editor. Each tag is designed to hold a particular type of text, and it's important that you use each tag according to that purpose. Below is a close-up of each tag that needs to be modified to fit your exception page needs.

   a. Edit the title of the exception page by removing the text in between the opening and closing title tags, and replacing that text with the name of the exception page you are creating.

    <title>Exception Page Title</title>

   b. Edit the meta data tags to represent your company name and the name of the exception.

    <meta name="author" content="Your Company Name Here">
    <meta name="description" content="Denied Access Policy">

   c. Edit the image tag to include your company logo.

    <img src="https://www.yourcompany.com/images/nameofimage.jpg" />

      You cannot download your company logo or other graphics onto the ProxySG. You can, however, reference graphics from an externally hosted source, as shown in the above example.

   d. Edit the text between the opening and closing <font> tags to create your desired exception message. The font tags below display the body of your exception message.

    <font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from the Your Company Network</b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font><br>
    <font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b>Your IP address: 123.45.67.89 <!--$(client.address)-->
    <br>Your username: <!--$(user.name)--></b></font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT http://intranet.example.com/up.html</font><br>
    <font face="Arial, Helvetica, sans-serif" size="4" color="red">This has been reported by <!--$(proxy.name)--><br>
    For any comments email <a href='mailto:yourcompany@example.com?subject=Barred web page <!--$(url)-->, IP address: <!--$(client.address)-->, User ID: <!--$(user)-->'>Customer Service Center</a></font>

      When you encounter a variable name such as $(client.address) enclosed in a comment, such as <!--$(client.address)-->, you can remove the comment markers so that the page displays the information contained in the variable. You can delete the commented variables if you never intend to display the information.

   e. Edit the font tag itself to change the font type, size and color. For example, to change the size of the font to 7, change the attribute from size="3" to size="7". Each attribute's value must be surrounded in quotes; otherwise the HTML does not render as desired.

    <font face="Arial, Helvetica, sans-serif" size="3" color="red"><b>Your IP address: $(client.address)
    <br>Your username: $(user.name)</b></font><br>

3. Save the file with the .html file extension.

Substitution variables are predefined variables that can be included in your exception page. These variables, when referenced in your HTML code, display the values of the variables when the exception page is displayed to the user. The most commonly used substitution variables are listed below.

    Variable                 Description
    $(exception.category)    The category of the requested URL
    $(user)                  The name of the requester
    $(url.host)              The requested URL's host name portion
    $(proxy.name)            The name of the ProxySG
    $(client.address)        The IP address of the client

A full list of variables can be found in the CPL guide, Appendix D.
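A pre-flight check for the saved HTML file, added here as an example and not taken from the Symantec guide: it applies the guide's rule that every opening tag needs a closing tag, and reports substitution variables that are still inside comments or that do not match a name used in this guide. The function and class names, and the sample page, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Variables this guide names (its table plus the two others its sample page uses).
KNOWN_VARS = {"exception.category", "user", "user.name", "url", "url.host",
              "proxy.name", "client.address"}
VOID_TAGS = {"meta", "img", "br", "hr", "link", "input"}  # take no closing tag
VAR_RE = re.compile(r"\$\(([^)]*)\)")
HIDDEN_RE = re.compile(r"<!--\s*\$\(([^)]*)\)\s*-->")

# Constructed sample with the kinds of mistakes the guide warns about.
SAMPLE = """\
<!DOCTYPE html>
<html>
<head><title>Denied Access Policy</title></head>
<body>
<p>
<font color="red"><b>Your IP address: <!--$(client.address)--></font><br>
<font color="red">Reported by: $(proxy.nam)<front><br>
</p>
</body>
</html>
"""

class TagBalance(HTMLParser):
    """Apply the guide's rule: every opening tag needs a matching closing tag."""

    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, line) for each element still open
        self.problems = []  # (line, message)

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            self.stack.append((tag, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if tag not in [open_tag for open_tag, _ in self.stack]:
            self.problems.append((self.getpos()[0], f"</{tag}> has no opening tag"))
            return
        while self.stack:  # tags opened after the match were left unclosed
            open_tag, line = self.stack.pop()
            if open_tag == tag:
                break
            self.problems.append((line, f"<{open_tag}> is never closed"))

def lint_exception_page(source):
    """Return sorted (line, message) findings for an exception page's HTML."""
    def line_of(offset):
        return source.count("\n", 0, offset) + 1
    checker = TagBalance()
    checker.feed(source)
    checker.close()
    findings = checker.problems + [
        (line, f"<{tag}> is never closed") for tag, line in checker.stack]
    for match in VAR_RE.finditer(source):
        name = match.group(1).strip()
        if name not in KNOWN_VARS:  # the full list is in the CPL guide: check spelling
            findings.append((line_of(match.start()),
                             f"$({name}) is not a variable this guide lists"))
    for match in HIDDEN_RE.finditer(source):
        findings.append((line_of(match.start()),
                         f"$({match.group(1).strip()}) is inside a comment and will not display"))
    return sorted(findings)

if __name__ == "__main__":
    for line, message in lint_exception_page(SAMPLE):
        print(f"line {line}: {message}")
```

A page with no findings returns an empty list; a variable reported as hidden is only a problem if you meant it to display.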

Install a Custom Exception Page

Before you begin this step, be sure that you have completed the steps in the topic "Design a Custom Exception Page". Use the command line interface to install the custom exceptions page you created.

1. Use a remote login utility (such as PuTTY) to access the command line interface.

2. Enter the following CLI commands:

    SG# enable
    Enable Password:
    SG# conf t
    SG#(config) exceptions
    SG#(config exceptions) create my_exception
     ok
    SG#(config exceptions) edit my_exception
    SG#(config exceptions user-defined.my_exception) inline format EOF

3. Copy the code from your HTML file and paste that code into the command line.

4. After you have pasted in the HTML code, type EOF to signal the end of your code.

     ok

   Once you have entered your CLI commands and HTML code into the CLI, your screen should be similar to the following example.

5. Assign an HTTP response status code to your custom exception page by entering the following command:

    SG#(config exceptions user-defined.my_exception) http-code <code#>
     ok

   where <code#> is one of the following HTTP status codes: 302, 307, 403. (403 is probably the most common when creating policy for blocked URL categories.)

    Status Code    Description
    302            The requested URL was temporarily changed but the same URL should be used in the future.
    307            The URL was temporarily moved. The new URL should be given.
    403            Access forbidden.

Create Policy for a Custom Exception Page

To reference the custom exceptions page you have created, you need to create policy. By creating policy, you instruct the ProxySG how to handle the exceptions being processed.

1. Log in to the ProxySG Management Console.
2. Open the Visual Policy Manager.
   a. Select Configuration > Policy > Visual Policy Manager.
   b. Click Launch. The VPM opens in a new window.
3. Select Policy > Add Web Access Layer.
4. In the Add New Layer pop-up dialog, enter a name for the Web Access layer and click OK.
5. To define the action that returns your custom exception, right-click the Action column and select Set. The Set Action Object dialog opens.
6. Select New > Return Exception from the Set Action Object dialog. The Add Return Exception Object dialog opens.
7. Select User-defined exception in the Add Return Exception Object dialog.
8. Select the custom exception you created from the User-defined exception drop-down list.
   If the custom page is not on the list, you may need to log out of the ProxySG Management Console and then log back in to get the field to populate.
9. Click OK and click OK again.
10. Install the policy.
11. Close the Visual Policy Manager.

Test a Custom Exception Page

To test your custom exception page, go to a URL denied by your policy. For example, if the Shopping category is blocked, go to amazon.com. You should see the custom exceptions page you created.

Exception Page Troubleshooting

    Why are HTML tags displaying in my browser?
    How can I view the exception page I created?
    Why doesn't the content of my exception page display?
    Why can't I delete my custom exceptions page?

Why are HTML tags displaying in my browser?

Problem: When I click "View Sample HTML" from the Management Console, my content displays but fragments of HTML tags mistakenly display as well.

Resolution: When you code HTML, all tags and characters must have opening and closing characters to match. For example, every <opening tag> must have a matching </closing tag>. Similarly, all "" and <> need to be properly opened and closed. If you do not do this, HTML renders improperly in various ways. Colors may not display correctly, a blank page may display, or images may appear broken.

1. In a text or HTML editor, open the HTML file containing your exception page code. Study the code to make sure all opening tags have matching closing tags. Look for other errors (such as typing mistakes) in your tags. Correct any errors you find.
2. Log in to your CLI console using a remote log-in utility.
3. To edit the exception page, enter the following commands.

    SG# config
    SG# exceptions
    SG# edit name_of_exception
    SG# inline format EOF

4. Copy the HTML code from the file you edited in step 1 above.
5. Paste the HTML code into your CLI console.
6. Type EOF and press Enter.

You can test your HTML before copying it into the console by right-clicking the file and opening it with your browser of choice.

How can I view the exception page I created?

Problem: I would like to see a preview of my custom exception page.

Resolution:

1. In the Management Console, select Configuration > Policy > Exceptions.
2. Select View File > Exception Configuration > View.
3. Choose the exception you would like to view from the User-Defined list. Click View Sample HTML. The custom exception page opens in a new window.

Why doesn't the content of my exception page display?

Problem: When I view my HTML output in the Management Console viewer, I am only able to see the name of the exception page I created. The image below is how the browser displays my custom exception page.

Resolution: When you name your custom exception page, it is not necessary to precede the name with "user-defined." If you have mistakenly preceded the name of your exception with "user-defined," you need to delete it so that you can recreate the exception. You can do that by following the procedures listed in the topic "Why can't I delete my custom exceptions page?" below. After deleting the misnamed exception, you can create a new custom exception page, with the correct name, by following the procedures in "Solution: Create Custom Exception Pages".

Why can't I delete my custom exceptions page?

Problem: I cannot delete the custom exception page I created.

Resolution: Custom exception pages that are referenced by policy cannot be deleted. In order to delete your custom exception page, you must first delete the policy that references the custom exception you wish to delete. Once you have deleted the policy, you can delete the custom exception.

1. Log in to the Management Console.
2. Select Configuration > Policy > Visual Policy Manager > Launch.
3. In the VPM, right-click the tab of the policy layer you wish to delete.
4. Click Delete Layer or Rule.
5. Click Yes to confirm the deletion.
6. Close the VPM.

Once the above instructions are complete, you can delete the custom exception.

1. Log in to your CLI console using a remote log-in utility.
2. Enter the following CLI commands.

    SG# config
    SG# exceptions
    SG# edit name_exception
    SG# delete name_exception
     ok