Cisco Web Security Appliance S670 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 16      Notifying End Users
Defining End-User Notification Pages Off-Box
For example, the following text is some HTML code that uses %R as a conditional variable to check if re-authentication is offered, and uses %r as a regular variable to provide the re-authentication URL.

%?R
<div align="left">
  <form name="ReauthInput" action="%r" method="GET">
    <input name="Reauth" type="button" OnClick="document.location='%r'"
           id="Reauth" value="Login as different user...">
  </form>
</div>
%#R

Any variable included in  can be used as a conditional variable. However, the best variables to use in conditional statements are the ones that relate to the client request instead of the server response, and the variables that may or may not evaluate to TRUE instead of the variables that always evaluate to TRUE. For example, the %t variable (timestamp in Unix seconds plus milliseconds) always evaluates to TRUE, so there is little value in making an if-then statement based on it.

Defining End-User Notification Pages Off-Box

You can define notification pages outside the Web Security appliance by redirecting all notification pages to a custom URL you specify. You might want to do this to display a different block page for different reasons, or to use a third-party logging tool to log the block events.

When you redirect notification pages to a URL, by default, AsyncOS redirects all blocked websites to the URL regardless of the reason why it blocked the original page. However, AsyncOS also passes parameters as a query string appended to the redirect URL so you can ensure that the user sees a unique page explaining the reason for the block. For more information on the included parameters, see .

When you want the user to view a different page for each reason for a blocked website, construct a CGI script on the web server that can parse the query string in the redirect URL. Then the server can perform a second redirect to an appropriate page.

Rules and Guidelines

Consider the following rules and guidelines when entering the custom URL for notification pages:

  • You can use any HTTP or HTTPS URL.
  • The URL may specify a specific port number.
  • The URL may not have any arguments after the question mark.
  • The URL must contain a well-formed hostname.

For example, if you have the following URL entered in the Redirect to Custom URL field:

http://www.example.com/eun.policy.html

And you have the following access log entry:

1182468145.492 1 172.17.0.8 TCP_DENIED/403 3146 GET http://www.espn.com/index.html HTTP/1.1 - NONE/- - BLOCK_WEBCAT-DefaultGroup-DefaultGroup-NONE-NONE-DefaultRouting <IW_sprt,-,-,-,-,-,-,-,-,-,-,-,-,-,-,IW_sprt,-> -
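
The second-redirect CGI script described under Defining End-User Notification Pages Off-Box could look like the following added example, which is not code from the Cisco guide. Because the query string travels through the client's browser, the script chooses the target from a fixed table and never redirects to a value it received. Assumptions: the decision tag arrives in a query parameter named Decision_Tag, and the BLOCK_WBRS entry and all page paths are hypothetical.

```python
"""Added example: second-redirect logic for an off-box notification script."""
from urllib.parse import parse_qs

# Assumption: the appliance sends the ACL decision tag in a query parameter
# named "Decision_Tag"; confirm the name in your version's parameter table.
TAG_PARAM = "Decision_Tag"

# Fixed allowlist: decision-tag prefix -> local page. BLOCK_WEBCAT is the tag
# in the page's sample log entry; the other tag and all paths are hypothetical.
PAGES = {
    "BLOCK_WEBCAT": "/blocked/category.html",
    "BLOCK_WBRS": "/blocked/reputation.html",
}
DEFAULT_PAGE = "/blocked/general.html"


def choose_page(query_string: str) -> str:
    """Map the query string to one of the fixed pages, never to client input."""
    params = parse_qs(query_string, keep_blank_values=True, max_num_fields=50)
    values = params.get(TAG_PARAM, [])
    if len(values) != 1:           # missing or duplicated parameter
        return DEFAULT_PAGE
    # The tag is hyphen-separated; only its first field selects the page.
    prefix = values[0].split("-", 1)[0]
    return PAGES.get(prefix, DEFAULT_PAGE)


def cgi_response(query_string: str) -> str:
    """Build the CGI header block for the second redirect."""
    try:
        target = choose_page(query_string)
    except ValueError:             # parse_qs rejects more than max_num_fields
        target = DEFAULT_PAGE
    # target is always a constant from this file, so no client-supplied
    # characters can reach the Location header.
    return f"Status: 302 Found\r\nLocation: {target}\r\n\r\n"


if __name__ == "__main__":
    import os
    import sys
    # A CGI-capable web server passes the query string in QUERY_STRING.
    sys.stdout.write(cgi_response(os.environ.get("QUERY_STRING", "")))
```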