
How to differentiate traffic by OS type (macOS versus Windows) with WSS Agent?


Article ID: 226454


Products

Web Security Service - WSS

Issue/Introduction

How to differentiate traffic by OS type (macOS versus Windows) with WSS Agent in use?

Environment

Please note that this applies to the access methods that send computer information to the service, namely SEP-CIA and WSS Agent.

Resolution

The WSS portal reports expose a Client-OS field for reporting purposes, and the WSS Access log documentation shows that this data is stored in the X-Client-os field.

This means that we can extract the OS for any access method that fills this field with data, per the following CPL sample:

define variable string x_client_os ; Create a variable to store the resolved field data

<proxy>
variable.x_client_os("$(x-client-os)") ; Populate the variable with the resolved field data (must be inside a transaction)

Then we can set a condition to match when we have an appropriate macOS or Windows string. 

define condition wssa_macOS
  variable.x_client_os.substring="name=macOS"
end

define condition wssa_Windows
  variable.x_client_os.substring="name=Windows"
end

Finally, we can use the conditions in the sample code below, for illustration purposes only:

<proxy>
  OK   condition=wssa_macOS
  OK   condition=wssa_Windows
  DENY ; Deny unsupported clients
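
Before enforcing the final DENY, it helps to see which existing traffic would fall through both conditions, including requests from access methods that leave the field empty. The following dry run is an added example, not part of the original article or of any Symantec tooling: it applies the same two substring matches to the x-client-os column of an access log export. The log layout, the sample values and the function names `classify` and `dry_run` are constructed assumptions.

```python
import shlex
from collections import Counter

# Constructed sample: a real export carries many more fields, and the exact
# layout of the x-client-os value shown here is an assumption.
SAMPLE_LOG = '''#Fields: date time c-ip x-client-os cs-host
2024-01-10 09:00:01 10.0.0.5 "architecture=x86_64;name=macOS;version=13.4" example.com
2024-01-10 09:00:02 10.0.0.6 "architecture=x86_64;name=Windows 10;version=10.0" example.org
2024-01-10 09:00:03 10.0.0.7 - example.net
2024-01-10 09:00:04 10.0.0.8 "architecture=x86_64;name=Linux;version=6.1" example.com
'''

def classify(client_os):
    """Mirror the wssa_macOS / wssa_Windows substring conditions."""
    if "name=macOS" in client_os:
        return "wssa_macOS"
    if "name=Windows" in client_os:
        return "wssa_Windows"
    return "DENY"  # falls through to the final rule

def dry_run(log_text):
    """Return (verdict counts, [(line number, field value)] that would be denied)."""
    counts, denied, column = Counter(), [], None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            # Locate the column by name so extra fields do not matter.
            names = [n.lower() for n in line.split()[1:]]
            column = names.index("x-client-os")
            continue
        if not line.strip() or line.startswith("#"):
            continue
        if column is None:
            raise ValueError("no #Fields header seen before data")
        fields = shlex.split(line)  # keeps quoted values with spaces intact
        value = fields[column] if column < len(fields) else "-"
        verdict = classify(value)
        counts[verdict] += 1
        if verdict == "DENY":
            denied.append((lineno, value))
    return counts, denied

if __name__ == "__main__":
    counts, denied = dry_run(SAMPLE_LOG)
    print(dict(counts))
    for lineno, value in denied:
        print(f"line {lineno}: would be denied, x-client-os={value!r}")
```
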