Blue Coat Systems Time Clock Proxy SG User Manual

Chapter 3: Condition Reference
Applies to proxy and administrator transactions.
This condition cannot be combined with the authenticate( ), proxy_authentication( ), or socks.authenticate( ) properties.
Examples
; Test if user is authenticated in group all_staff and specified realm.
realm=corp group=all_staff
; This example shows sample group tests for each type of realm. It does 
; this by creating a condition in CPL that treats a group of administrators in 
; each realm as equivalent, granting them permission to administer the Security
; Appliance. Recall that the <Admin> layer uses a whitelist model by default.
define condition RW_Admin
realm=LocalRealm group=RWAdmin
realm=NTLMRealm group=xyz-domain\cache_admin
realm=LDAPRealm group="cn=cache_admin, ou=groups, o=xyz"
; The RADIUSRealm uses attributes, and this can be expressed as follows:
realm=RADIUSRealm attribute.ServiceType=8
end condition RW_Admin
<admin>
client.address=10.10.1.250/28 authenticate(LocalRealm)
client.address=10.10.1.0/24 authenticate(NTLMRealm)
client.address=10.10.2.0/24 authenticate(LDAPRealm)
client.address=10.10.3.0/24 authenticate(RADIUSRealm)
<admin>
allow condition=RW_Admin admin.access=(READ||WRITE)
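The restriction stated above can be checked mechanically before a policy is installed. The following Python linter is an added example, not part of the Blue Coat manual or product; it assumes "combined" means a group= test and one of the listed properties on the same rule line, either directly or through a referenced define condition block, and its sample policy is constructed.

```python
import re

# Properties the page says group= cannot be combined with. The 'authenticate'
# branch also matches socks.authenticate( but not authenticate.force(.
AUTH_PROPS = re.compile(r"\b(?:proxy_authentication|authenticate)\s*\(")
GROUP_TEST = re.compile(r"\bgroup\s*=")
COND_REF = re.compile(r"\bcondition\s*=\s*(\w+)")

def strip_comment(line):
    # CPL comments start with ';' (a ';' inside quotes is not handled here).
    return line.split(";", 1)[0].strip()

def group_conditions(policy):
    """Names of 'define condition' blocks that contain a group= test."""
    names, current = set(), None
    for raw in policy.splitlines():
        line = strip_comment(raw)
        start = re.match(r"define\s+condition\s+(\w+)", line)
        if start:
            current = start.group(1)
        elif line.startswith("end"):
            current = None
        elif current and GROUP_TEST.search(line):
            names.add(current)
    return names

def lint(policy):
    """Return (line_no, rule) for rules mixing a group test with authenticate()."""
    grouped = group_conditions(policy)
    findings = []
    for no, raw in enumerate(policy.splitlines(), 1):
        line = strip_comment(raw)
        if not AUTH_PROPS.search(line):
            continue
        via_cond = any(c in grouped for c in COND_REF.findall(line))
        if GROUP_TEST.search(line) or via_cond:
            findings.append((no, line))
    return findings

# Constructed sample policy: the last two rules are deliberately wrong.
SAMPLE = """\
define condition RW_Admin
realm=LocalRealm group=RWAdmin
end condition RW_Admin
<admin>
client.address=10.10.1.0/24 authenticate(LocalRealm)
<admin>
allow condition=RW_Admin admin.access=(READ||WRITE)
<proxy>
group=all_staff authenticate(LocalRealm) ; constructed: direct mix
client.address=10.10.2.0/24 condition=RW_Admin authenticate(LocalRealm) ; constructed: indirect mix
"""
```

Nested condition references (a condition that itself refers to another condition=) are not followed by this check.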
See Also
Conditions: attribute.name=, authenticated=, has_attribute.name=, http.transparent_authentication=, realm=, user=, user.domain=
Properties: authenticate( ), authenticate.force( ), check_authorization( ), socks.authenticate( ), socks.authenticate.force( )