In UPE you can modify the Exception pages on the reference proxy to control how messages are displayed to end users.
However creating a page per exception is rather not necessarily the most efficient manner to provide relevant messages to end users when they are hitting a policy denied page.
In this article we will see how to achieve this with a single string and CPL exception handling code.
WSS with Management Center
n/a
The process detailed here relies on a simple feature of CPL, the exception function (also available in VPM):
exception(exception_id, details, string_name)
where
exception_id: Name of either a built-in exception or a custom exception of the form user_defined.exception_id that refers to a user-defined exception page.
details: Text string that is substituted for $(exception.details) within the selected exception.
string_name: String name, as defined by define string, that is substituted for $(exception.format).
Here is a very simple sample:
condition=App_Blocklist exception(content_filter_denied, "WAL Rule 2.1a - Application blocklist (added 2020-08-22)", mystring)
define string mystring
><h2>Policy denied - $(exception.details)</h2>
><p>The url you are trying to access is part of the Application blocklist.</p>
><p>You are not allowed to access this page.</p>
end
Image 1: Base policy sample results
This error string (mystring) is extremely simple and reusable, so we can build on this, as we can have different messages displayed depending on the rule that triggers the exception page.
The exception string here is built up (and renamed) to show extra information in a table format (without style):
; SECTION 2: Define based url category definitions - making this catch all for all tenants.
condition=App_Blocklist exception(content_filter_denied, "WAL Rule 2.1a - Application blocklist (added 2020-08-22)", exception.STD) ; Rule 2.1
condition=IP_Blocklist exception(content_filter_denied, "WAL Rule 2.2a - IP address blocklist (added 2020-08-22)", exception.STD) ; Rule 2.2
condition=URL_Blocklist exception(content_filter_denied, "WAL Rule 2.3a - URL blocklist (added 2020-08-22)", exception.STD) ; Rule 2.3
condition=Blocked_categories exception(content_filter_denied, "WAL Rule 2.4a - Blocked categories (added 2020-08-25)", exception.STD)
define string exception.STD
><table>
><table>
><tr><td><b>Exception summary: </b></td> <td> $(exception.summary)</td></tr>
><tr><td><b>Exception details: </b></td> <td> $(exception.details)</td></tr>
><tr><td><b>Date time: </b></td> <td> $(date.utc) $(time)</td></tr>
><tr><td><b>Destination URL: </b></td> <td> $(c-uri)</td></tr>
><tr><td><b>Client ip address: </b></td> <td> $(client.address)</td></tr>
><tr><td><b>Application Name: </b></td> <td> $(url.application.name)</td></tr>
><tr><td><b>Authenticated User: </b></td> <td> $(user.name)</td></tr>
><tr><td><b>WSS cluster-pod-sg: </b></td> <td> $(x-bluecoat-appliance-name)</td></tr>
><tr><td><b>Web Site Category (aggr): </b></td> <td> $(cs-categories)</td></tr>
><tr><td><b>Web Site Category (policy): </b></td> <td> $(cs-categories-policy)</td></tr>
><tr><td><b>Web Site Category (bluecoat): </b></td> <td> $(cs-categories-bluecoat)</td></tr>
><tr><td><b> </b></td> <td> </td></tr>
><tr><td><b>Policy name: </b></td> <td> ${policy.name}</td></tr>
><tr><td><b>Policy revision: </b></td> <td> ${policy.revision}</td></tr>
></table>
end
Image 2: More detailed policy sample results
We can then add a couple of paragraphs in the exception page and eventually, specific subsections, an image in the html (base64 encoded) for the company heading (Broadcom here) and a background image to soften the tone of the exception message.
define string exception.STD
><body style="background-image:url(https://images.pexels.com/photos/34090/pexels-photo.jpg?auto=compress&cs=tinysrgb&dpr=3&h=750&w=1260);
>background-size: 100%;"> <div style="text-align:center; font-family: Arial; font-size:14; width:800px; position: absolute; top: 50%;
>left: 50%; transform: translate(-50%, -50%); background-color: white; padding: 20px; margin-bottom:auto; margin-left:auto; margin-right:auto;">
><table>
><!-- Key Message for end users -->
><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJcAAAAWCAMAAAD6rf42AAAArlBMVEX///8AAADNIDH19fXm5ube3t7U1NS8vLyOjo7KABdCQkJdXV1vb2/s7Oz7
>+/vp6emtra2enp6YmJhKSkrMGCuzs7PDw8OBgYFTU1PLy8vJAAx3d3c6OjoQEBAzMzMuLi7subwnJycYGBj67O3y0tTLACDprrIgICBmZmbUUFnHAADknKHSR1LROkf34ePcgIHab3fSS03z
>2dXmp6XdeYDgkJHXZmjvxsbVXWDOMDpCc0RgAAADqklEQVRIic2XaX+iMBCHgxwKyCGHWEXFI6vVtq66tt3v/8V2joSjx6/vtp0XJX+cTB5mJoEKoW2z3W5N8cMsPPamrutOH6rvJulYJWXW
>Q8vcx6fvhmnsOO3VlrlbdTc02cKOamZF/bwfNDJs/dieqCwA76grrca7M7obs/o1VUScM1dlLDeUTTBAoYR3x7/aKUm/XssH1eehpXzTvH4GnyPZHZmSdGDk0O0xjGwxjuMY1UZhnTaPBJY9
>8uS+URs8xaAW/Q60oThNWrfLZRgLTuhdd3JXIteS3ObE1Y/7I1S/6zRdJY8qzbUH9BE4J8Q1S5LEA6VizQcxwXI5Ylon0FzlKEmG6BRqTvCes7eSyZoThbEMJKFokMI8b6WrJ4XYupy5B801
>UtchTaLMLCjWCih19VIalECvJuDCPuVwaRgFXD2lxZAcUi1nhrFTXFCSyFBcbBUnKTtDnAMjups3XCPionYs8AqF8NT0FYeysYi6HpqLMhPibyvlHfNNLT18WOCCRO7FhK411x91QpzERfxV
>XC+Kx4dqDOr+wnyZNFVDcv1GjJtjZKfDxXegE2LRWNxIaPQBchWQbYiZzlpc98wlK3HSrSYrxcVWmlz81PdxH+2wHoY+IWwuFSUm53GLq8DWLlqrcSQtA8wTctm0UPQBl/tkZrrx33BRzZr9
>aFFj6MPHwUfGB98z3TuuMf5xulxaRti6yIURIc6wXUcpJbX99kCNn0lZ1zERYRgmtDJE20EvGTPcYAlWjS2hqkAe8yAy97zzG64lLhTr/cCW0/5uhsQV6jo0fX++3jIJbX88XMJpzz0fb1mn
>7wVNof6yaUjFW/Nskw4Hsznq/DYXhJhTtQw+0cO9aEuxRg7igq3kdLnIboejeHav4jyt6nuay6Hg3Op7dQ+2uocdZq3oEIkbLmw8i6tKt9EdZq2w7kFJvLD6kqRHh4yjulK84Xo5nxB/4/JB
>f3l+3WiuEjodtpQ6v8a88U31zMZklqqXARxqRYzmEQh47dLU0+nDIuFmm1Bvd2XwOdfTQcrr5eVv1stet9vTVL5/DwX1+TUjSKok2y5gEeqGWbXfQ2rBYK1v0LLBri0/48L3tnTpQydz3SzT
>7+3xwiNLC8zQqFzQ+bXwVjQ1pA26pg5OynKm2q30lraIljTRHzUfEPTSmQ/CtjRY2stS74OiXFqisY+/c740y46+dqotcqyOtK3PPBurpNRUP+m7EKpy4+/o++q7Sd4Z/t8Rfu32n+wf5Oo9
>EiqpFC8AAAAASUVORK5CYII=" />
><!-- Key Message for end users -->
><h2>Policy denied: explanation for end-users</h2>
><p style="text-align:left;">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna
>aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in
>reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui
>officia deserunt mollit anim id est laborum.</p>
><h2>Policy denied: appeal / getting access</h2>
><p style="text-align:left;">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna
>aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in
>reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui
>officia deserunt mollit anim id est laborum.</p>
><!-- Key data for support -->
><h3>Data for the Network team</h3>
><table style="width:100%; font-size:12px">
><tr><tr><td style="text-align:right"><b>Exception summary: </b></td><td style="text-align:left"> $(exception.summary)</td></tr>
><tr><tr><td style="text-align:right"><b>Exception details: </b></td><td style="text-align:left"> $(exception.details)</td></tr>
><tr><tr><td style="text-align:right"><b>Date time: </b></td><td style="text-align:left"> $(date.utc) $(time.utc)</td></tr>
><tr><tr><td style="text-align:right"><b>Destination URL: </b></td><td style="text-align:left"> $(c-uri)</td></tr>
><tr><tr><td style="text-align:right"><b>Client ip address: </b></td><td style="text-align:left"> $(client.address)</td></tr>
><tr><tr><td style="text-align:right"><b>Application Name: </b></td><td style="text-align:left"> $(url.application.name)</td></tr>
><tr><tr><td style="text-align:right"><b>Authenticated User: </b></td><td style="text-align:left"> $(user.name)</td></tr>
><tr><tr><td style="text-align:right"><b>WSS cluster-pod-sg: </b></td><td style="text-align:left"> $(x-bluecoat-appliance-name)</td></tr>
><tr><tr><td style="text-align:right"><b>Web Site Category (aggr): </b></td><td style="text-align:left"> $(cs-categories)</td></tr>
><tr><tr><td style="text-align:right"><b>Web Site Category (policy): </b></td><td style="text-align:left"> $(cs-categories-policy)</td></tr>
><tr><tr><td style="text-align:right"><b>Web Site Category (bluecoat): </b></td><td style="text-align:left"> $(cs-categories-bluecoat)</td></tr>
><tr><tr><td style="text-align:right"><b> </b></td><td style="text-align:left"> </td></tr>
><tr><tr><td style="text-align:right"><b>Policy name: </b></td><td style="text-align:left"> ${policy.name}</td></tr>
><tr><tr><td style="text-align:right"><b>Policy revision: </b></td><td style="text-align:left"> ${policy.revision}</td></tr>
></table>
></table>
></div>
></body>
end
Image 3: Detailed exception message with branding / background image / basic styling: