Customer has integrated ProxySG with Symantec's DLP solution via icap. The customer now wants to send the username via icap and have DLP do the group lookup based on the username the Bluecoat ProxySG sends.

In Proxy device, one can apply policy options given below to achieve this. The options given below depends on how the format should be when sending to the DLP device.

Option 1: Username in the format of "Domain\Username"

<Proxy>
action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User
set(icap_reqmod.request.x_header.X-Authenticated-User, '$(user:encode_base64)')
end

Option 2: Username in the format of "username". i.e. without Domain prefix

<Proxy>
action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User
set(icap_reqmod.request.x_header.X-Authenticated-User, '$(cs-username:encode_base64)')
end

Note: The username sent by the ProxySG is base-64 encoded