Blue Coat Systems Time Clock Proxy SG Manuale Utente

ProxySG Content Policy Language Guide

54

attribute.name=

Tests if the current transaction is authenticated in a RADIUS or LDAP realm, and if the authenticated 
user has the specified attribute with the specified value. This trigger is unavailable if the current 
transaction is not authenticated (that is, the 

authenticate

 property is set to 

no

).

If you reference more than one realm in your policy, you may wish to disambiguate attribute tests by 
combining them with a realm= test. This can reduce the number of extraneous queries to 
authentication services for attribute information that does not pertain to that realm.

attribute.name=value

where:

•

 is a RADIUS or LDAP attribute. The 

 attribute’s case-sensitivity depends on the type of 

authentication realm.

•

RADIUS realm: The only available attribute is 

ServiceType

, which is always case-sensitive.

•

LDAP realm: Case-sensitivity depends on the realm definition in configuration.

•

: An attribute value.

•

Use  in 

<Admin>

 and 

<Proxy>

 layers.

•

Applies to proxy and administrator transactions.

•

This condition cannot be combined with the 

authenticate()

 or 

socks.authenticate()

 

properties.

; This example uses the value of the ContentBlocking attribute associated with a

; user to select which content categories to block. (SmartFilter 3 categories are 

; used.)

<proxy>

authenticate(LDAPRealm)

<proxy> exception(content_filter_denied)

attribute.ContentBlocking=Adult category=(Sex, Nudity, Mature, Obscene/Extreme)

attribute.ContentBlocking=Violence category=(Criminal_Skills, Hate_Speech)

...

; This example uses the attribute property to determine permissions associated with 

; RADIUS authentication.

define condition ProxyAllowed

attribute.ServiceType=(2,6,7,8)

end