1 Technical Brief

ProxySG TechBrief Implementing Exception Pages

What are exception pages?
Exception pages are customized Web pages (or messages) sent to users under specific
conditions defined by a company and their security policies. The ProxySG offers multiple built-in
exception pages that can be modified for a companys particular needs. Default pages include
authentication_failed, policy_denied, and so on. Additionally, administrator-defined exception
pages can be created. These pages can reference substitution variables such as authenticated
username, client IP address, time, date, and so on, enabling the security administrator to create
user specific messages.

Why implement exception pages?
Exception pages allow a company to warn, advise, and block users from accessing particular
Web sites. These pages give administrators a great deal of flexibility when managing their
enterprise administration in terms of how much control they desire to exert over their user
community. When a user is denied access to a particular Web site, for example, the administrator
can send a customized message to the user explaining the reason for this action.

Exception pages are defined within a hierarchy. There are two main types of exception pages in
the hierarchy:

Built-in
User-defined

The general form of an exception is the following:

(exception.<exception-id>
(contact "") ; displays the contact for further assistance
(details "") ; displays the reason why the exception was sent
(format ""); defines the format of the page, specifically HTML content
(help "") ; defines the help message
(summary "") ; defines a summary of the message
(http ; specific message for HTTP requests only
(code "") ; HTTP return code (typically 200 or 403)
(contact "" ; displays the contact for further assistance
(details "") ; displays the reason why the exception was sent
(format "") ; defines the format of the page, specifically HTML
content
(help "") ; defines the help message
(summary ""); defines a summary of the message
)
)

New exceptions are created under the User-defined leaf. The security administrator can define
default parameters for all user-defined exceptions.




2 Technical Brief
How to implement exception pages
There are two steps to implementing exception pages
1. Create an exception page applicable to current corporate security guidelines
2. Create a policy referencing the exception page

Step 1 Create an Exception Page
To create an exception page, use the Blue Coat Management Console, select the Policy option
then the Exceptions button as shown here.





Open the text editor, by selecting Text Editor from Install Exceptions Definitions from dropdown
list. Click on Install.

The following screen is displayed:


3 Technical Brief

To create a new exception page, scroll down until you find the following section on the screen.
You will need to insert your user-defined exception before the last ) character in this section:

(exception.user-defined.all
(contact)
(details)
(format)
(help)
(summary)
(http
(code "403")
(contact)
(details)
(format)
(help)
(summary)
)
)

(exception.user-defined.all
(contact)
(details)
(format)
(help)
(summary)
(http
(code "403")
(contact)
(details)
(format)

4 Technical Brief
(help)
(summary)
)
------------------- insert the user-defined customer error page here
)

You can create your own user-defined exception with HTML content our example is
called my_exception.

After the section described above, add the following code:

(exception.user-defined.my_exception
(http
(code "200")
(format <<--myexception--
<html>
<head>
<title>Denied Access Policy </title>
<meta name="author" content="Blue Coat systems">
<meta name="description" content="Denied Access Policy">
</head>
<body>
<center>
<img src=http://www.bluecoat.com/images/BCShp_logorev.gif>
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are
about to access the Internet from the Blue Coat Network
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET
USAGE IS MONITORED AND LOGGED.</font>
<p>
<font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b> Your IP
address: $(client.address)<br>Your username: $(user.name)</b></font>
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE
BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR SECURITY POLICY AT
http://intranet.acme.com/up.html
<p>
For any comments email <A href='mailto:support@bluecoat.com?subject=Barred
web page $(url), IP address: $(client.address), User ID:
$(user)'>Customer Service Centre</a></font>
<p>
</center>
</body>
</html>
--myexception--
)
)
)


5 Technical Brief

Once you have pasted the code, click on Install to save your changes. You will then be prompted
with the following message.




6 Technical Brief

Step 2 Create a policy referencing this exception page
Open the Visual Policy Manager from the Blue Coat Management Console by selecting Policy
and then Visual Policy Manager.



In the VPM create your Web access policy and define as the action to return the user-defined
exception.




7 Technical Brief
Click on Return Exception and select the user-defined exception.


Select the user defined exception page from the dropdown list. Our example was called
my_exception.



Click OK and Install the Policy. The following screen shows the result of the saved policy.

8 Technical Brief



Test the exception page
To test the exception page, go to a URL denied by your policy and you will see the custom HTML
page as shown here.




Conclusion
The Blue Coat ProxySG allows a company to utilize exception pages to warn, advise, or block
users when they access particular Web sites that have been deemed questionable by a
corporation. The administrator can make use of built-in exception pages that are pre-defined by
the operating system or they can create their own custom exception pages. The ProxySG
provides flexibility for a company to control users when accessing Web pages ensuring greater
user productivity and compliance with corporate security policies.


9 Technical Brief
































Copyright 2003 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to
any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information
contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is
a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their
respective owners.


Contact Blue Coat Systems 1.866.30BCOAT 408.220.2200 Direct 408.220.2250 Fax www.bluecoat.com