search cancel

How to create a custom exception page using the ProxySG command line interface

book

Article ID: 166045

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Creating custom exception pages using the CLI reduces the chance for error. CLI process guides for each input separately, and reduces considerations for the exception-page data structure (or the placement of content).

 

 

 

Environment

Access the CLI through serial console or SSH.

Resolution

The following commands create a user-defined exception page that returns a HTTP status code of 403 to the client, and uses the same HTML content as described in the tech brief linked previously in this article.

Blue Coat SG#
Blue Coat SG# config terminal
Enter configuration commands, one per line.  End with CTRL-Z.
Blue Coat SG#(config)exceptions
Blue Coat SG#(config exceptions)create my_exception
  ok
Blue Coat SG#(config exceptions)edit my_exception

In the following sample, the command "inline format EOT" specifies the content of your exception page. The "EOT" marker tells SGOS this is the end-of-text, and must be at the beginning of its own line for SGOS to detect that you're finished entering the exception page content.  It's also case-sensitive.

Blue Coat SG#(config exceptions user-defined.my_exception)inline format EOT
<html>
<head>
<title>Denied Access Policy </title>
<meta name="author" content="Example Company">
<meta name="description" content="Denied Access Policy">
</head>
<body>
<center>
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="Red"><b>You are about to access the Internet from the Example Company Network
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="Red">INTERNET USAGE IS MONITORED AND LOGGED.</font>
<p>
<font face="Arial, Helvetica, sans-serif" size="3" color="Red"><b> Your IP address: $(client.address)
<br>Your username: $(user.name)</b></font>
<p>
<font face="Arial, Helvetica, sans-serif" size="4" color="red">YOU HAVE BEEN DENIED ACCESS TO THIS SITE. PLEASE READ OUR
SECURITY POLICY AT http://intranet.example.com/up.html
<p>
For any comments email <A href='mailto:[email protected]?subject=Barred web page $(url), IP address: $(client.address), User ID:
$(user)'>Customer Service Center</a></font>
<p>
</center>
</body>
</html>
EOT               

  ok

Blue Coat SG#(config exceptions user-defined.my_exception)http-code 403 
  ok
Blue Coat SG#(config exceptions user-defined.my_exception)exit
Blue Coat SG#(config exceptions)exit
Blue Coat SG#(config)exit
Blue Coat SG#

If using Blue Coat Reporter, change http-code 403 to an appropriate code if needed so Reporter reports the correct verdict.

Implementing this CLI results in a custom exception page called "my_exception" in the ProxySG configuration.

Once the Custom exception page is created in the CLI, if the Management Console GUI was already open, a new browser session is needed for java to display the new exception page as an option in the VPM.

To select the Exception page to be used in the VPM rule:

  1. Right Click the Action field of the rule to reference the new Exception 
  2. Click Set
  3. Click New
  4. Select "Return Exception" object
  5. Name the customer exception object appropriately
  6. Click "User-defined exception"
  7. Click dropdown
  8. Select the new custom exception just created in CLI
  9. Click OK
  10. Install Policy

Users should now see the custom exception page created in CLI when block on that rule.