Cloud / Hybrid Common Policy - How to overwrite Cloud exception pages

book

Article ID: 168722

calendar_today

Updated On:

Products

Web Security Service - WSS ProxySG Software - SGOS

Issue/Introduction

When you implement the Hybrid Cloud (also known as Common Policy or Auto-Policy Sync), your Web Security Service (ThreatPulse cloud) policy downloads and installs onto your existing on-premise ProxySG appliance for local policy evaluation.

While it is possible to overwrite certain cloud policy rules in the VPM or local CPL policy, the exception page returned to the user is always the same as the one defined in your Web Security Service portal.

To have your local ProxySG appliance return a different exception page than that of the cloud exception page, overwrite it with the following CPL.

Note: You cannot use the VPM because 'exception.format' is not an available object in the VPM editor.

Cause

The CPL condition exception.format() in the cloud policy overwrites exception(), which is used by the on-premise ProxySG appliance.

Resolution

Option 1:
Step 1:
Create a new CPL proxy layer
<proxy>
exception.format(default)


Option 2:
Step 1:
Define your new exception page in any of the local policy files (local/central).  This is the one you want the local ProxySG appliance to display in replacement of your cloud exception page.
define string custom-exception-page
><html>
>Your custom exception page
></html>
end
Be advised: Each new line in your HTML document must start with >.
Step 2: Reference your new exception page in any CPL you write. For example:
<proxy>
url.domain=blocked-domain.com exception.format(exception-page) DENY