search cancel

How to differentiate traffic by OS type (macOS versus Windows) with WSS Agent?


Article ID: 226454


Updated On:


Web Security Service - WSS


How to differentiate traffic by OS type (macOS versus Windows) with WSS Agent in use?


Please note that this applies to the access method that send computer information to the service, namely SEP-CIA and WSS Agent.


You can see from the WSS portal report that we have the Client-OS field available for reporting purpose, and you can also see from the WSS Access log documentation that this data is stored in the X-Client-os field.

This means that we can extract the OS for access method that fill this field with data, per the following CPL sample:

define variable string x_client_os ; Create a variable to store the resolved field data

variable.x_client_os("$(x-client-os)") ; Populate the variable with the resolved field data (requires to be in a transaction)

Then we can set a condition to match when we have an appropriate macOS or Windows string. 

define condition wssa_macOS

define condition wssa_Windows

Finally, we can use the conditions in the sample code below, for illustration purposes only:

  OK   condition=wssa_macOS
  OK   condition=wssa_Windows
  DENY ; Deny unsupported clients