ProxySG TechBrief Creating a Compliance Page

What is a compliance page?

The Blue Coat compliance page is a customized warning page that is posted to a users browser when they first attempt access to Internet. The Blue Coat compliance page ensures that employees review and acknowledge the companys acceptable use policy prior to gaining Internet access. The following screen presents the result of implementing the compliance page.

In the above example the user requests www.yahoo.com, and receives the policy screen and needs to click to acknowledge the policy before continuing.

After the user has complied with the policy they are granted access to www.yahoo.com and all permitted sites.

Technical Brief

How it works
A policy compliance page policy is based on: A redirection to the compliance page this is actually achieved with an exception A policy based on a cookie to identify if the user has complied to the policy or not Note: this policy works only for HTTP

The Compliance Page

The first step is to define the exception rule message that presents your corporate use policy. When the user requests a web page, a Blue Coat compliance page appears explaining the companys usage policy and the action the user needs to take. The following is an example of an HTML compliance page.

<html> <head> <title>Deferred Access Policy </title> <meta name="author" content="Blue Coat systems"> <meta name="description" content="Deferred Access Policy"> </head> <body> <center> <img src=http://www.bluecoat.com/images/BCShp_logorev.gif> <p> <font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from the Blue Coat Network <p> <font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font> <p> <font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b> Your IP address: $(client.address)<br>Your username: $(user)</b></font> <p> <font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU MUST COMPLY WITH THE CORPORATE WEB ACCESS POLICY BEFORE ACCESSING THE INTERNET. <p> NOTE THAT CONTENT FILTERING AND VIRUS SCANNING ARE APPLIED <p> FAILURE TO COMPLY WITH THE POLICY WILL RESULT IN WEB ACCESS BEING DENIED

Technical Brief

<p>To comply with the Policy, please click <A HREF="$(url)"> here </A> <br> For any comments email <A href='support@bluecoat.com?subject=Barred web page $(url), IP address: $(client.address), User ID: $(user)'>Customer Service Centre</a></font> <p> </center> </body> </html>

The Exception Rule

A user-defined exception will be automatically created when you download the policy as explained in the next section.

Compliance Page Policy

The following presents the policy enabling the compliance page policy. The policy is processed as follows: The policy compliance page policy intercepts all HTTP requests to HTML content The request is checked to identify if the user has already complied to the policy Redirect user to compliance.policyexample.bluecoat.com/?comply://requestedurl Check if user presents the cookie comply If user presents the cookie comply then we redirect the user to http://requestedurl?comply Else, deny the user and display the built in error page If the user has already complied to the policy, user requests http://requestedurl?comply, the user http://requestedurl is redirected and the cookie is set to comply for the requestedurl

Implementing a Blue Coat Compliance Policy

There are four simple steps to deploy this policy: 1. 2. 3. 4. Download and save the pre-defined Blue Coat Policy Modify the policy to meet you requirements Open the Blue Coat management console to the archive page Install the policy and review results

Step 1
Copy the following pre-defined Blue Coat policy on to your local PC. The policy can be obtained by going to the following link: http://techlabs.bluecoat.com/policy/config_compliance.zip

Step 2
You may need to modify some parameters in the copied policy to customize the desired effect for your environment. For example, you may want to modify the warning screen to use your own message.

Step 3
To load the policy to your ProxySG, open the web management interface. Go into Configuration | General | Archive

Technical Brief

Then click on the button Install from Installation Configuration from Local File. You will see the following screen.

Then select the policy file that you previously saved to your PC.

Technical Brief

Step 4
Click on Install at the bottom of the above screen to save and install the policy. Check for any installation errors and correct. Once the policy is installed, you are ready to test and review the results.

Conclusion
The Blue Coat ProxySG allows a security administrator to create a compliance page that ensures that all users read and understand the companys corporate use policies when accessing the Internet. The compliance page can be customized to provide the reader with corporate updates, network outages, or other information as well. Once users have reviewed the written policy, they can click on the designated button to proceed and access Web sites according to defined policy on the ProxySG.

Copyright 2004 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Contact Blue Coat Systems 1.866.30BCOAT 408.220.2200 Direct 408.220.2250 Fax www.bluecoat.com

Technical Brief