Blue Coat Systems Proxy SG Manuale Utente
ProxySG Content Policy Language Guide
54
attribute.name=
Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and if the authenticated
user has the specified attribute with the specified value. This trigger is unavailable if the current
transaction is not authenticated (that is, the
user has the specified attribute with the specified value. This trigger is unavailable if the current
transaction is not authenticated (that is, the
authenticate
property is set to
no
).
If you reference more than one realm in your policy, you may wish to disambiguate attribute tests by
combining them with a realm= test. This can reduce the number of extraneous queries to
authentication services for attribute information that does not pertain to that realm.
combining them with a realm= test. This can reduce the number of extraneous queries to
authentication services for attribute information that does not pertain to that realm.
Syntax
attribute.name=value
where:
•
name
is a RADIUS or LDAP attribute. The
name
attribute’s case-sensitivity depends on the type of
authentication realm.
•
RADIUS realm: The only available attribute is
ServiceType
, which is always case-sensitive.
•
LDAP realm: Case-sensitivity depends on the realm definition in configuration.
•
value
: An attribute value.
Layer and Transaction Notes
•
Use in
<Admin>
and
<Proxy>
layers.
•
Applies to proxy and administrator transactions.
•
This condition cannot be combined with the
authenticate()
or
socks.authenticate()
properties.
Examples
; This example uses the value of the ContentBlocking attribute associated with a
; user to select which content categories to block. (SmartFilter 3 categories are
; used.)
<proxy>
authenticate(LDAPRealm)
<proxy> exception(content_filter_denied)
attribute.ContentBlocking=Adult category=(Sex, Nudity, Mature, Obscene/Extreme)
attribute.ContentBlocking=Violence category=(Criminal_Skills, Hate_Speech)
...
; This example uses the attribute property to determine permissions associated with
; RADIUS authentication.
define condition ProxyAllowed
attribute.ServiceType=(2,6,7,8)
end