Create a single html page to display Policy Denied messages to end users with relevant details for support (UPE version)

Article ID: 198392

Products

Web Security Service - WSS

Issue/Introduction

In UPE you can modify the Exception pages on the reference proxy to control how messages are displayed to end users.

However, creating one page per exception is not necessarily the most efficient way to give end users a relevant message when they hit a policy denied page.

In this article we will see how to achieve this with a single string and CPL exception handling code.

Cause

n/a

Environment

WSS with Management Center

Resolution

The process detailed here relies on a simple feature of CPL, the exception function (also available in VPM):

exception(exception_id, details, string_name)

where

exception_id: Name of either a built-in exception or a custom exception of the form user_defined.exception_id that refers to a user-defined exception page.
details: Text string that is substituted for $(exception.details) within the selected exception.
string_name: String name, as defined by define string, that is substituted for $(exception.format).

Here is a very simple sample:

condition=App_Blocklist exception(content_filter_denied, "WAL Rule 2.1a - Application blocklist (added 2020-08-22)", mystring)

define string mystring
><h2>Policy denied - $(exception.details)</h2>
><p>The url you are trying to access is part of the Application blocklist.</p>
><p>You are not allowed to access this page.</p>
end

Image 1: Base policy sample results

This error string (mystring) is extremely simple and reusable, so we can build on this, as we can have different messages displayed depending on the rule that triggers the exception page.

The exception string here is built up (and renamed) to show extra information in a table format (without style):

    ; SECTION 2: Define based url category definitions - making this catch all for all tenants.

    condition=App_Blocklist      exception(content_filter_denied, "WAL Rule 2.1a - Application blocklist (added 2020-08-22)", exception.STD) ; Rule 2.1
    condition=IP_Blocklist       exception(content_filter_denied, "WAL Rule 2.2a - IP address blocklist (added 2020-08-22)", exception.STD) ; Rule 2.2
    condition=URL_Blocklist      exception(content_filter_denied, "WAL Rule 2.3a - URL blocklist (added 2020-08-22)", exception.STD) ; Rule 2.3
    condition=Blocked_categories exception(content_filter_denied, "WAL Rule 2.4a - Blocked categories (added 2020-08-25)", exception.STD)

define string exception.STD
  ><table>
    ><tr><td><b>Exception summary:&nbsp; </b></td> <td> $(exception.summary)</td></tr>
    ><tr><td><b>Exception details:&nbsp; </b></td> <td> $(exception.details)</td></tr>
    ><tr><td><b>Date time:&nbsp; </b></td> <td> $(date.utc) $(time.utc)</td></tr>
    ><tr><td><b>Destination URL:&nbsp; </b></td> <td> $(c-uri)</td></tr>
    ><tr><td><b>Client ip address:&nbsp; </b></td> <td> $(client.address)</td></tr>
    ><tr><td><b>Application Name:&nbsp; </b></td> <td> $(url.application.name)</td></tr>
    ><tr><td><b>Authenticated User:&nbsp; </b></td> <td> $(user.name)</td></tr>
    ><tr><td><b>WSS cluster-pod-sg:&nbsp; </b></td> <td> $(x-bluecoat-appliance-name)</td></tr>
    ><tr><td><b>Web Site Category (aggr):&nbsp; </b></td> <td> $(cs-categories)</td></tr>
    ><tr><td><b>Web Site Category (policy):&nbsp; </b></td> <td> $(cs-categories-policy)</td></tr>
    ><tr><td><b>Web Site Category (bluecoat):&nbsp; </b></td> <td> $(cs-categories-bluecoat)</td></tr>
    ><tr><td><b>&nbsp; </b></td> <td> &nbsp;</td></tr>
    ><tr><td><b>Policy name:&nbsp; </b></td> <td> ${policy.name}</td></tr>
    ><tr><td><b>Policy revision:&nbsp; </b></td> <td> ${policy.revision}</td></tr>
  ></table>
end

Image 2: More detailed policy sample results
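
A pre-deployment check for an exception string, as an added example (not part of the original article and not Broadcom code): it pulls the `define string` body out of a policy file, fills each `$(...)` substitution with a sample value to build an offline preview, and reports unbalanced HTML tags. The input and sample values are constructed, modelled on the table listing above with one `<table>` deliberately left unclosed; `extract_string`, `TagBalance` and `lint` are hypothetical names, and escaping the sample values is a choice of this script, not a statement about how the proxy renders them.

```python
import html
import re
from html.parser import HTMLParser

VOID = {"img", "br", "hr"}  # elements that never take a closing tag
SUBST = re.compile(r"\$\(([^)]+)\)")  # $(name) substitutions as written on this page
# Constructed input modelled on the table listing; one <table> is left unclosed.
SAMPLE_CPL = """\
define string exception.STD
  ><table>
    ><table>
    ><tr><td><b>Destination URL:&nbsp; </b></td> <td> $(c-uri)</td></tr>
    ><tr><td><b>Authenticated User:&nbsp; </b></td> <td> $(user.name)</td></tr>
  ></table>
end
"""
# Constructed sample values; $(user.name) is left out on purpose.
SAMPLE_VALUES = {"c-uri": "http://example.test/?a=<b>"}

def extract_string(cpl, name):
    """Return the '>' lines between 'define string <name>' and 'end', '>' removed."""
    lines = [line.strip() for line in cpl.splitlines()]
    start = lines.index(f"define string {name}")  # ValueError if the block is absent
    end = lines.index("end", start)
    return "\n".join(ln[1:] for ln in lines[start + 1:end] if ln.startswith(">"))

class TagBalance(HTMLParser):  # tracks open elements and mismatched closing tags
    def __init__(self):
        super().__init__()
        self.stack, self.errors = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack[-1:] != [tag]:
            self.errors.append(f"unexpected </{tag}>")
        elif tag not in VOID:
            self.stack.pop()

def lint(cpl, name, values):
    """Return (preview_html, substitutions_without_sample_value, tag_errors)."""
    body = extract_string(cpl, name)
    missing = sorted(set(SUBST.findall(body)) - values.keys())
    # Unknown substitutions stay in the preview as written; ${...} tokens are untouched.
    preview = SUBST.sub(lambda m: html.escape(values.get(m.group(1), m.group(0))), body)
    checker = TagBalance()
    checker.feed(preview)
    checker.close()
    return preview, missing, checker.errors + [f"unclosed <{t}>" for t in checker.stack]
```

Calling `lint(SAMPLE_CPL, "exception.STD", SAMPLE_VALUES)` returns the preview HTML, the substitutions that had no sample value, and the tag errors; an empty error list means every opened element was closed in order.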

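We can then add a couple of paragraphs to the exception page and, eventually, specific subsections, an image embedded in the HTML (base64 encoded) for the company heading (Broadcom here), and a background image to soften the tone of the exception message. The background image in this sample is referenced by URL, so the browser fetches it from that external site each time the page is shown.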

define string exception.STD

><body style="background-image:url(https://images.pexels.com/photos/34090/pexels-photo.jpg?auto=compress&cs=tinysrgb&dpr=3&h=750&w=1260);
>background-size: 100%;"> <div style="text-align:center; font-family: Arial; font-size:14px; width:800px; position: absolute; top: 50%; 
>left: 50%; transform: translate(-50%, -50%); background-color: white; padding: 20px; margin-bottom:auto; margin-left:auto; margin-right:auto;">
><table>
><!-- Company heading image (base64 encoded) -->
><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJcAAAAWCAMAAAD6rf42AAAArlBMVEX///8AAADNIDH19fXm5ube3t7U1NS8vLyOjo7KABdCQkJdXV1vb2/s7Oz7
>+/vp6emtra2enp6YmJhKSkrMGCuzs7PDw8OBgYFTU1PLy8vJAAx3d3c6OjoQEBAzMzMuLi7subwnJycYGBj67O3y0tTLACDprrIgICBmZmbUUFnHAADknKHSR1LROkf34ePcgIHab3fSS03z
>2dXmp6XdeYDgkJHXZmjvxsbVXWDOMDpCc0RgAAADqklEQVRIic2XaX+iMBCHgxwKyCGHWEXFI6vVtq66tt3v/8V2joSjx6/vtp0XJX+cTB5mJoEKoW2z3W5N8cMsPPamrutOH6rvJulYJWXW
>Q8vcx6fvhmnsOO3VlrlbdTc02cKOamZF/bwfNDJs/dieqCwA76grrca7M7obs/o1VUScM1dlLDeUTTBAoYR3x7/aKUm/XssH1eehpXzTvH4GnyPZHZmSdGDk0O0xjGwxjuMY1UZhnTaPBJY9
>8uS+URs8xaAW/Q60oThNWrfLZRgLTuhdd3JXIteS3ObE1Y/7I1S/6zRdJY8qzbUH9BE4J8Q1S5LEA6VizQcxwXI5Ylon0FzlKEmG6BRqTvCes7eSyZoThbEMJKFokMI8b6WrJ4XYupy5B801
>UtchTaLMLCjWCih19VIalECvJuDCPuVwaRgFXD2lxZAcUi1nhrFTXFCSyFBcbBUnKTtDnAMjups3XCPionYs8AqF8NT0FYeysYi6HpqLMhPibyvlHfNNLT18WOCCRO7FhK411x91QpzERfxV
>XC+Kx4dqDOr+wnyZNFVDcv1GjJtjZKfDxXegE2LRWNxIaPQBchWQbYiZzlpc98wlK3HSrSYrxcVWmlz81PdxH+2wHoY+IWwuFSUm53GLq8DWLlqrcSQtA8wTctm0UPQBl/tkZrrx33BRzZr9
>aFFj6MPHwUfGB98z3TuuMf5xulxaRti6yIURIc6wXUcpJbX99kCNn0lZ1zERYRgmtDJE20EvGTPcYAlWjS2hqkAe8yAy97zzG64lLhTr/cCW0/5uhsQV6jo0fX++3jIJbX88XMJpzz0fb1mn
>7wVNof6yaUjFW/Nskw4Hsznq/DYXhJhTtQw+0cO9aEuxRg7igq3kdLnIboejeHav4jyt6nuay6Hg3Op7dQ+2uocdZq3oEIkbLmw8i6tKt9EdZq2w7kFJvLD6kqRHh4yjulK84Xo5nxB/4/JB
>f3l+3WiuEjodtpQ6v8a88U31zMZklqqXARxqRYzmEQh47dLU0+nDIuFmm1Bvd2XwOdfTQcrr5eVv1stet9vTVL5/DwX1+TUjSKok2y5gEeqGWbXfQ2rBYK1v0LLBri0/48L3tnTpQydz3SzT
>7+3xwiNLC8zQqFzQ+bXwVjQ1pA26pg5OynKm2q30lraIljTRHzUfEPTSmQ/CtjRY2stS74OiXFqisY+/c740y46+dqotcqyOtK3PPBurpNRUP+m7EKpy4+/o++q7Sd4Z/t8Rfu32n+wf5Oo9
>EiqpFC8AAAAASUVORK5CYII=" />
><!-- Key Message for end users -->
><h2>Policy denied: explanation for end-users</h2>
><p style="text-align:left;">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna 
>aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in 
>reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui
>officia deserunt mollit anim id est laborum.</p>
><h2>Policy denied: appeal / getting access</h2>
><p style="text-align:left;">Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna 
>aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in 
>reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui
>officia deserunt mollit anim id est laborum.</p>
><!-- Key data for support -->
><h3>Data for the Network team</h3>
><table style="width:100%; font-size:12px">
><tr><td style="text-align:right"><b>Exception summary:&nbsp;</b></td><td style="text-align:left"> $(exception.summary)</td></tr>
><tr><td style="text-align:right"><b>Exception details:&nbsp;</b></td><td style="text-align:left"> $(exception.details)</td></tr>
><tr><td style="text-align:right"><b>Date time:&nbsp;</b></td><td style="text-align:left"> $(date.utc) $(time.utc)</td></tr>
><tr><td style="text-align:right"><b>Destination URL:&nbsp;</b></td><td style="text-align:left"> $(c-uri)</td></tr>
><tr><td style="text-align:right"><b>Client ip address:&nbsp;</b></td><td style="text-align:left"> $(client.address)</td></tr>
><tr><td style="text-align:right"><b>Application Name:&nbsp;</b></td><td style="text-align:left"> $(url.application.name)</td></tr>
><tr><td style="text-align:right"><b>Authenticated User:&nbsp;</b></td><td style="text-align:left"> $(user.name)</td></tr>
><tr><td style="text-align:right"><b>WSS cluster-pod-sg:&nbsp;</b></td><td style="text-align:left"> $(x-bluecoat-appliance-name)</td></tr>
><tr><td style="text-align:right"><b>Web Site Category (aggr):&nbsp;</b></td><td style="text-align:left"> $(cs-categories)</td></tr>
><tr><td style="text-align:right"><b>Web Site Category (policy):&nbsp;</b></td><td style="text-align:left"> $(cs-categories-policy)</td></tr>
><tr><td style="text-align:right"><b>Web Site Category (bluecoat):&nbsp;</b></td><td style="text-align:left"> $(cs-categories-bluecoat)</td></tr>
><tr><td style="text-align:right"><b>&nbsp;</b></td><td style="text-align:left"> &nbsp;</td></tr>
><tr><td style="text-align:right"><b>Policy name:&nbsp;</b></td><td style="text-align:left"> ${policy.name}</td></tr>
><tr><td style="text-align:right"><b>Policy revision:&nbsp;</b></td><td style="text-align:left"> ${policy.revision}</td></tr>
></table>
></table>
></div>
></body>

end

Image 3: Detailed exception message with branding / background image / basic styling
